Analysis Run

019b3844-a539-7086-a60d-172aa955648b

complete

Chain ID

1

Address

0x0000000000a39bb272e79075ade125fd351887ac

Block Number

—

Created

Fri, Dec 19, 2025 8:19 PM

Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract

Confirmed

0

Validated

0

Source

Bytecode only

Review Backing

Not yet

Best current signal

Untrusted DELEGATECALL target reachable

crit 0 high 0 direct contract

Review Checklist

1. Read the findings table first. Ignore raw jobs until the result looks real.

2. Confirm attacker control, not just the existence of a sink.

3. Confirm money or privilege impact.

4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts

ID	Type	Status	Attempts	Heartbeat
16155	artifact.fetch	complete	1 / 3	3 months ago
16156	tool.cast_disasm	complete	1 / 3	3 months ago
106525	analysis.bundle	complete	1 / 3	1 week ago
106526	capability.graph	complete	1 / 3	1 week ago
106527	detector.run	complete	1 / 3	1 week ago
106528	validation.fork	complete	1 / 3	1 week ago

Artifact

Runtime bytecode: available

Creation TX: —

Deployer: —

Proxy: no

Implementation:

—

Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm

Delegatecall

2

Selfdestruct

0

CREATE2

0

CALL-family (heavy)

0

EXT*/BALANCE

2

Total opcodes

373

Flags

delegatecall_present

View cast disassembly output

00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: PUSH2 0x0013
00000009: JUMPI
0000000a: PUSH2 0x0011
0000000d: PUSH2 0x0017
00000010: JUMP
00000011: JUMPDEST
00000012: STOP
00000013: JUMPDEST
00000014: PUSH2 0x0011
00000017: JUMPDEST
00000018: PUSH2 0x0027
0000001b: PUSH2 0x0022
0000001e: PUSH2 0x005e
00000021: JUMP
00000022: JUMPDEST
00000023: PUSH2 0x00a3
00000026: JUMP
00000027: JUMPDEST
00000028: JUMP
00000029: JUMPDEST
0000002a: PUSH1 0x60
0000002c: PUSH2 0x004e
0000002f: DUP4
00000030: DUP4
00000031: PUSH1 0x40
00000033: MLOAD
00000034: DUP1
00000035: PUSH1 0x60
00000037: ADD
00000038: PUSH1 0x40
0000003a: MSTORE
0000003b: DUP1
0000003c: PUSH1 0x27
0000003e: DUP2
0000003f: MSTORE
00000040: PUSH1 0x20
00000042: ADD
00000043: PUSH2 0x0271
00000046: PUSH1 0x27
00000048: SWAP2
00000049: CODECOPY
0000004a: PUSH2 0x00c7
0000004d: JUMP
0000004e: JUMPDEST
0000004f: SWAP4
00000050: SWAP3
00000051: POP
00000052: POP
00000053: POP
00000054: JUMP
00000055: JUMPDEST
00000056: EXTCODESIZE
00000057: ISZERO
00000058: ISZERO
00000059: SWAP1
0000005a: JUMP
0000005b: JUMPDEST
0000005c: SWAP1
0000005d: JUMP
0000005e: JUMPDEST
0000005f: PUSH1 0x00
00000061: PUSH2 0x009e
00000064: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
00000085: SLOAD
00000086: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000009b: AND
0000009c: SWAP1
0000009d: JUMP
0000009e: JUMPDEST
0000009f: SWAP1
000000a0: POP
000000a1: SWAP1
000000a2: JUMP
000000a3: JUMPDEST
000000a4: CALLDATASIZE
000000a5: PUSH1 0x00
000000a7: DUP1
000000a8: CALLDATACOPY
000000a9: PUSH1 0x00
000000ab: DUP1
000000ac: CALLDATASIZE
000000ad: PUSH1 0x00
000000af: DUP5
000000b0: GAS
000000b1: DELEGATECALL
000000b2: RETURNDATASIZE
000000b3: PUSH1 0x00
000000b5: DUP1
000000b6: RETURNDATACOPY
000000b7: DUP1
000000b8: DUP1
000000b9: ISZERO
000000ba: PUSH2 0x00c2
000000bd: JUMPI
000000be: RETURNDATASIZE
000000bf: PUSH1 0x00
000000c1: RETURN
000000c2: JUMPDEST
000000c3: RETURNDATASIZE
000000c4: PUSH1 0x00
000000c6: REVERT
000000c7: JUMPDEST
000000c8: PUSH1 0x60
000000ca: DUP4
000000cb: EXTCODESIZE
000000cc: PUSH2 0x0142
000000cf: JUMPI
000000d0: PUSH1 0x40
000000d2: MLOAD
000000d3: PUSH3 0x461bcd
000000d7: PUSH1 0xe5
000000d9: SHL
000000da: DUP2
000000db: MSTORE
000000dc: PUSH1 0x20
000000de: PUSH1 0x04
000000e0: DUP3
000000e1: ADD
000000e2: MSTORE
000000e3: PUSH1 0x26
000000e5: PUSH1 0x24
000000e7: DUP3
000000e8: ADD
000000e9: MSTORE
000000ea: PUSH32 0x416464726573733a2064656c65676174652063616c6c20746f206e6f6e2d636f
0000010b: PUSH1 0x44
0000010d: DUP3
0000010e: ADD
0000010f: MSTORE
00000110: PUSH32 0x6e74726163740000000000000000000000000000000000000000000000000000
00000131: PUSH1 0x64
00000133: DUP3
00000134: ADD
00000135: MSTORE
00000136: PUSH1 0x84
00000138: ADD
00000139: JUMPDEST
0000013a: PUSH1 0x40
0000013c: MLOAD
0000013d: DUP1
0000013e: SWAP2
0000013f: SUB
00000140: SWAP1
00000141: REVERT
00000142: JUMPDEST
00000143: PUSH1 0x00
00000145: DUP1
00000146: DUP6
00000147: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000015c: AND
0000015d: DUP6
0000015e: PUSH1 0x40
00000160: MLOAD
00000161: PUSH2 0x016a
00000164: SWAP2
00000165: SWAP1
00000166: PUSH2 0x0221
00000169: JUMP
0000016a: JUMPDEST
0000016b: PUSH1 0x00
0000016d: PUSH1 0x40
0000016f: MLOAD
00000170: DUP1
00000171: DUP4
00000172: SUB
00000173: DUP2
00000174: DUP6
00000175: GAS
00000176: DELEGATECALL
00000177: SWAP2
00000178: POP
00000179: POP
0000017a: RETURNDATASIZE
0000017b: DUP1
0000017c: PUSH1 0x00
0000017e: DUP2
0000017f: EQ
00000180: PUSH2 0x01a5
00000183: JUMPI
00000184: PUSH1 0x40
00000186: MLOAD
00000187: SWAP2
00000188: POP
00000189: PUSH1 0x1f
0000018b: NOT
0000018c: PUSH1 0x3f
0000018e: RETURNDATASIZE
0000018f: ADD
00000190: AND
00000191: DUP3
00000192: ADD
00000193: PUSH1 0x40
00000195: MSTORE
00000196: RETURNDATASIZE
00000197: DUP3
00000198: MSTORE
00000199: RETURNDATASIZE
0000019a: PUSH1 0x00
0000019c: PUSH1 0x20
0000019e: DUP5
0000019f: ADD
000001a0: RETURNDATACOPY
000001a1: PUSH2 0x01aa
000001a4: JUMP
000001a5: JUMPDEST
000001a6: PUSH1 0x60
000001a8: SWAP2
000001a9: POP
000001aa: JUMPDEST
000001ab: POP
000001ac: SWAP2
000001ad: POP
000001ae: SWAP2
000001af: POP
000001b0: PUSH2 0x01ba
000001b3: DUP3
000001b4: DUP3
000001b5: DUP7
000001b6: PUSH2 0x01c4
000001b9: JUMP
000001ba: JUMPDEST
000001bb: SWAP7
000001bc: SWAP6
000001bd: POP
000001be: POP
000001bf: POP
000001c0: POP
000001c1: POP
000001c2: POP
000001c3: JUMP
000001c4: JUMPDEST
000001c5: PUSH1 0x60
000001c7: DUP4
000001c8: ISZERO
000001c9: PUSH2 0x01d3
000001cc: JUMPI
000001cd: POP
000001ce: DUP2
000001cf: PUSH2 0x004e
000001d2: JUMP
000001d3: JUMPDEST
000001d4: DUP3
000001d5: MLOAD
000001d6: ISZERO
000001d7: PUSH2 0x01e3
000001da: JUMPI
000001db: DUP3
000001dc: MLOAD
000001dd: DUP1
000001de: DUP5
000001df: PUSH1 0x20
000001e1: ADD
000001e2: REVERT
000001e3: JUMPDEST
000001e4: DUP2
000001e5: PUSH1 0x40
000001e7: MLOAD
000001e8: PUSH3 0x461bcd
000001ec: PUSH1 0xe5
000001ee: SHL
000001ef: DUP2
000001f0: MSTORE
000001f1: PUSH1 0x04
000001f3: ADD
000001f4: PUSH2 0x0139
000001f7: SWAP2
000001f8: SWAP1
000001f9: PUSH2 0x023d
000001fc: JUMP
000001fd: JUMPDEST
000001fe: PUSH1 0x00
00000200: JUMPDEST
00000201: DUP4
00000202: DUP2
00000203: LT
00000204: ISZERO
00000205: PUSH2 0x0218
00000208: JUMPI
00000209: DUP2
0000020a: DUP2
0000020b: ADD
0000020c: MLOAD
0000020d: DUP4
0000020e: DUP3
0000020f: ADD
00000210: MSTORE
00000211: PUSH1 0x20
00000213: ADD
00000214: PUSH2 0x0200
00000217: JUMP
00000218: JUMPDEST
00000219: POP
0000021a: POP
0000021b: PUSH1 0x00
0000021d: SWAP2
0000021e: ADD
0000021f: MSTORE
00000220: JUMP
00000221: JUMPDEST
00000222: PUSH1 0x00
00000224: DUP3
00000225: MLOAD
00000226: PUSH2 0x0233
00000229: DUP2
0000022a: DUP5
0000022b: PUSH1 0x20
0000022d: DUP8
0000022e: ADD
0000022f: PUSH2 0x01fd
00000232: JUMP
00000233: JUMPDEST
00000234: SWAP2
00000235: SWAP1
00000236: SWAP2
00000237: ADD
00000238: SWAP3
00000239: SWAP2
0000023a: POP
0000023b: POP
0000023c: JUMP
0000023d: JUMPDEST
0000023e: PUSH1 0x20
00000240: DUP2
00000241: MSTORE
00000242: PUSH1 0x00
00000244: DUP3
00000245: MLOAD
00000246: DUP1
00000247: PUSH1 0x20
00000249: DUP5
0000024a: ADD
0000024b: MSTORE
0000024c: PUSH2 0x025c
0000024f: DUP2
00000250: PUSH1 0x40
00000252: DUP6
00000253: ADD
00000254: PUSH1 0x20
00000256: DUP8
00000257: ADD
00000258: PUSH2 0x01fd
0000025b: JUMP
0000025c: JUMPDEST
0000025d: PUSH1 0x1f
0000025f: ADD
00000260: PUSH1 0x1f
00000262: NOT
00000263: AND
00000264: SWAP2
00000265: SWAP1
00000266: SWAP2
00000267: ADD
00000268: PUSH1 0x40
0000026a: ADD
0000026b: SWAP3
0000026c: SWAP2
0000026d: POP
0000026e: POP
0000026f: JUMP
00000270: INVALID
00000271: COINBASE
00000272: PUSH5 0x6472657373
00000278: GASPRICE
00000279: KECCAK256
0000027a: PUSH13 0x6f772d6c6576656c2064656c65
00000288: PUSH8 0x6174652063616c6c
00000291: KECCAK256
00000292: PUSH7 0x61696c6564a164
0000029a: PUSH20

View stderr

Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others

Severity	Category	Tool	Title	Confidence	Validated	Confirmed	Details
critical	upgradeability	detector	Untrusted DELEGATECALL target reachable	70	no	no	view trace_id: 0x8d4417cbf197aff66724c7ea68af1c79e1be928baef2f60c06e1693cc7dceb46 call_targets: 0x01a656024de4b89e2d0198bf4d468e8fd2358b17 target_varies: no classification: constant_target validation_json { "sink": "DELEGATECALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0x8d4417cbf197aff66724c7ea68af1c79e1be928baef2f60c06e1693cc7dceb46", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0x01a656024de4b89e2d0198bf4d468e8fd2358b17" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x", "selector": "fallback", "calldata_variants": [ "0x" ] } ] } evidence_json { "examples": [ { "pc": 177, "opcode": "DELEGATECALL", "returndata_checked": null, "value_expression_category": "n/a", "target_expression_category": "computed" }, { "pc": 374, "opcode": "DELEGATECALL", "returndata_checked": null, "value_expression_category": "n/a", "target_expression_category": "computed" } ], "guards_detected": [], "delegatecall_count": 2, "untrusted_delegatecall_count": 2 }

Severity