Analysis Run

019b3844-a9a2-7242-bc32-4d72809a7737

complete

Chain ID

1

Address

0x9485711f11b17f73f2ccc8561bcae05bdc7e9ad9

Block Number

—

Created

Fri, Dec 19, 2025 8:19 PM

Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract

Confirmed

0

Validated

0

Source

Bytecode only

Review Backing

Not yet

Best current signal

Authorization based on tx.origin

crit 0 high 0 direct contract

Review Checklist

1. Read the findings table first. Ignore raw jobs until the result looks real.

2. Confirm attacker control, not just the existence of a sink.

3. Confirm money or privilege impact.

4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts

ID	Type	Status	Attempts	Heartbeat
16931	artifact.fetch	complete	1 / 3	3 months ago
16932	tool.cast_disasm	complete	1 / 3	3 months ago
60522	analysis.bundle	complete	1 / 3	1 week ago
60523	capability.graph	complete	1 / 3	1 week ago
60524	detector.run	complete	1 / 3	1 week ago
60525	validation.fork	complete	1 / 3	1 week ago

Artifact

Runtime bytecode: available

Creation TX: —

Deployer: —

Proxy: no

Implementation:

—

Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm

Delegatecall

0

Selfdestruct

0

CREATE2

0

CALL-family (heavy)

1

EXT*/BALANCE

0

Total opcodes

626

Flags

No heuristic flags raised.

View cast disassembly output

00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x0056
0000000c: JUMPI
0000000d: PUSH0
0000000e: CALLDATALOAD
0000000f: PUSH1 0xe0
00000011: SHR
00000012: DUP1
00000013: PUSH3 0x258d6b
00000017: EQ
00000018: PUSH2 0x0061
0000001b: JUMPI
0000001c: DUP1
0000001d: PUSH4 0x12065fe0
00000022: EQ
00000023: PUSH2 0x009d
00000026: JUMPI
00000027: DUP1
00000028: PUSH4 0xba93ec29
0000002d: EQ
0000002e: PUSH2 0x00b7
00000031: JUMPI
00000032: DUP1
00000033: PUSH4 0xd0e30db0
00000038: EQ
00000039: PUSH2 0x00d5
0000003c: JUMPI
0000003d: DUP1
0000003e: PUSH4 0xe7b77f70
00000043: EQ
00000044: PUSH2 0x00df
00000047: JUMPI
00000048: DUP1
00000049: PUSH4 0xf3fef3a3
0000004e: EQ
0000004f: PUSH2 0x00fe
00000052: JUMPI
00000053: PUSH0
00000054: DUP1
00000055: REVERT
00000056: JUMPDEST
00000057: CALLDATASIZE
00000058: PUSH2 0x005d
0000005b: JUMPI
0000005c: STOP
0000005d: JUMPDEST
0000005e: PUSH0
0000005f: DUP1
00000060: REVERT
00000061: JUMPDEST
00000062: CALLVALUE
00000063: DUP1
00000064: ISZERO
00000065: PUSH2 0x006c
00000068: JUMPI
00000069: PUSH0
0000006a: DUP1
0000006b: REVERT
0000006c: JUMPDEST
0000006d: POP
0000006e: PUSH1 0x01
00000070: SLOAD
00000071: PUSH2 0x0080
00000074: SWAP1
00000075: PUSH1 0x01
00000077: PUSH1 0x01
00000079: PUSH1 0xa0
0000007b: SHL
0000007c: SUB
0000007d: AND
0000007e: DUP2
0000007f: JUMP
00000080: JUMPDEST
00000081: PUSH1 0x40
00000083: MLOAD
00000084: PUSH1 0x01
00000086: PUSH1 0x01
00000088: PUSH1 0xa0
0000008a: SHL
0000008b: SUB
0000008c: SWAP1
0000008d: SWAP2
0000008e: AND
0000008f: DUP2
00000090: MSTORE
00000091: PUSH1 0x20
00000093: ADD
00000094: JUMPDEST
00000095: PUSH1 0x40
00000097: MLOAD
00000098: DUP1
00000099: SWAP2
0000009a: SUB
0000009b: SWAP1
0000009c: RETURN
0000009d: JUMPDEST
0000009e: CALLVALUE
0000009f: DUP1
000000a0: ISZERO
000000a1: PUSH2 0x00a8
000000a4: JUMPI
000000a5: PUSH0
000000a6: DUP1
000000a7: REVERT
000000a8: JUMPDEST
000000a9: POP
000000aa: PUSH1 0x40
000000ac: MLOAD
000000ad: SELFBALANCE
000000ae: DUP2
000000af: MSTORE
000000b0: PUSH1 0x20
000000b2: ADD
000000b3: PUSH2 0x0094
000000b6: JUMP
000000b7: JUMPDEST
000000b8: CALLVALUE
000000b9: DUP1
000000ba: ISZERO
000000bb: PUSH2 0x00c2
000000be: JUMPI
000000bf: PUSH0
000000c0: DUP1
000000c1: REVERT
000000c2: JUMPDEST
000000c3: POP
000000c4: PUSH0
000000c5: SLOAD
000000c6: PUSH2 0x0080
000000c9: SWAP1
000000ca: PUSH1 0x01
000000cc: PUSH1 0x01
000000ce: PUSH1 0xa0
000000d0: SHL
000000d1: SUB
000000d2: AND
000000d3: DUP2
000000d4: JUMP
000000d5: JUMPDEST
000000d6: PUSH2 0x00dd
000000d9: PUSH2 0x011d
000000dc: JUMP
000000dd: JUMPDEST
000000de: STOP
000000df: JUMPDEST
000000e0: CALLVALUE
000000e1: DUP1
000000e2: ISZERO
000000e3: PUSH2 0x00ea
000000e6: JUMPI
000000e7: PUSH0
000000e8: DUP1
000000e9: REVERT
000000ea: JUMPDEST
000000eb: POP
000000ec: PUSH2 0x00dd
000000ef: PUSH2 0x00f9
000000f2: CALLDATASIZE
000000f3: PUSH1 0x04
000000f5: PUSH2 0x02c9
000000f8: JUMP
000000f9: JUMPDEST
000000fa: PUSH2 0x015f
000000fd: JUMP
000000fe: JUMPDEST
000000ff: CALLVALUE
00000100: DUP1
00000101: ISZERO
00000102: PUSH2 0x0109
00000105: JUMPI
00000106: PUSH0
00000107: DUP1
00000108: REVERT
00000109: JUMPDEST
0000010a: POP
0000010b: PUSH2 0x00dd
0000010e: PUSH2 0x0118
00000111: CALLDATASIZE
00000112: PUSH1 0x04
00000114: PUSH2 0x02e9
00000117: JUMP
00000118: JUMPDEST
00000119: PUSH2 0x01be
0000011c: JUMP
0000011d: JUMPDEST
0000011e: CALLVALUE
0000011f: PUSH0
00000120: SUB
00000121: PUSH2 0x015d
00000124: JUMPI
00000125: PUSH1 0x40
00000127: MLOAD
00000128: PUSH3 0x461bcd
0000012c: PUSH1 0xe5
0000012e: SHL
0000012f: DUP2
00000130: MSTORE
00000131: PUSH1 0x20
00000133: PUSH1 0x04
00000135: DUP3
00000136: ADD
00000137: MSTORE
00000138: PUSH1 0x09
0000013a: PUSH1 0x24
0000013c: DUP3
0000013d: ADD
0000013e: MSTORE
0000013f: PUSH9 0x1d1bdbc81cdb585b1b
00000149: PUSH1 0xba
0000014b: SHL
0000014c: PUSH1 0x44
0000014e: DUP3
0000014f: ADD
00000150: MSTORE
00000151: PUSH1 0x64
00000153: ADD
00000154: JUMPDEST
00000155: PUSH1 0x40
00000157: MLOAD
00000158: DUP1
00000159: SWAP2
0000015a: SUB
0000015b: SWAP1
0000015c: REVERT
0000015d: JUMPDEST
0000015e: JUMP
0000015f: JUMPDEST
00000160: PUSH0
00000161: SLOAD
00000162: PUSH1 0x01
00000164: PUSH1 0x01
00000166: PUSH1 0xa0
00000168: SHL
00000169: SUB
0000016a: AND
0000016b: CALLER
0000016c: EQ
0000016d: DUP1
0000016e: PUSH2 0x0181
00000171: JUMPI
00000172: POP
00000173: PUSH1 0x01
00000175: SLOAD
00000176: PUSH1 0x01
00000178: PUSH1 0x01
0000017a: PUSH1 0xa0
0000017c: SHL
0000017d: SUB
0000017e: AND
0000017f: CALLER
00000180: EQ
00000181: JUMPDEST
00000182: PUSH2 0x019d
00000185: JUMPI
00000186: PUSH1 0x40
00000188: MLOAD
00000189: PUSH3 0x461bcd
0000018d: PUSH1 0xe5
0000018f: SHL
00000190: DUP2
00000191: MSTORE
00000192: PUSH1 0x04
00000194: ADD
00000195: PUSH2 0x0154
00000198: SWAP1
00000199: PUSH2 0x0311
0000019c: JUMP
0000019d: JUMPDEST
0000019e: PUSH0
0000019f: DUP1
000001a0: SLOAD
000001a1: PUSH1 0x01
000001a3: PUSH1 0x01
000001a5: PUSH1 0xa0
000001a7: SHL
000001a8: SUB
000001a9: NOT
000001aa: AND
000001ab: PUSH1 0x01
000001ad: PUSH1 0x01
000001af: PUSH1 0xa0
000001b1: SHL
000001b2: SUB
000001b3: SWAP3
000001b4: SWAP1
000001b5: SWAP3
000001b6: AND
000001b7: SWAP2
000001b8: SWAP1
000001b9: SWAP2
000001ba: OR
000001bb: SWAP1
000001bc: SSTORE
000001bd: JUMP
000001be: JUMPDEST
000001bf: PUSH0
000001c0: SLOAD
000001c1: PUSH1 0x01
000001c3: PUSH1 0x01
000001c5: PUSH1 0xa0
000001c7: SHL
000001c8: SUB
000001c9: AND
000001ca: CALLER
000001cb: EQ
000001cc: DUP1
000001cd: PUSH2 0x01e0
000001d0: JUMPI
000001d1: POP
000001d2: PUSH1 0x01
000001d4: SLOAD
000001d5: PUSH1 0x01
000001d7: PUSH1 0x01
000001d9: PUSH1 0xa0
000001db: SHL
000001dc: SUB
000001dd: AND
000001de: CALLER
000001df: EQ
000001e0: JUMPDEST
000001e1: PUSH2 0x01fc
000001e4: JUMPI
000001e5: PUSH1 0x40
000001e7: MLOAD
000001e8: PUSH3 0x461bcd
000001ec: PUSH1 0xe5
000001ee: SHL
000001ef: DUP2
000001f0: MSTORE
000001f1: PUSH1 0x04
000001f3: ADD
000001f4: PUSH2 0x0154
000001f7: SWAP1
000001f8: PUSH2 0x0311
000001fb: JUMP
000001fc: JUMPDEST
000001fd: PUSH2 0x0206
00000200: DUP3
00000201: DUP3
00000202: PUSH2 0x020a
00000205: JUMP
00000206: JUMPDEST
00000207: POP
00000208: POP
00000209: JUMP
0000020a: JUMPDEST
0000020b: PUSH1 0x40
0000020d: DUP1
0000020e: MLOAD
0000020f: PUSH0
00000210: DUP1
00000211: DUP3
00000212: MSTORE
00000213: PUSH1 0x20
00000215: DUP3
00000216: ADD
00000217: SWAP1
00000218: SWAP3
00000219: MSTORE
0000021a: PUSH1 0x01
0000021c: PUSH1 0x01
0000021e: PUSH1 0xa0
00000220: SHL
00000221: SUB
00000222: DUP5
00000223: AND
00000224: SWAP1
00000225: DUP4
00000226: SWAP1
00000227: PUSH1 0x40
00000229: MLOAD
0000022a: PUSH2 0x0233
0000022d: SWAP2
0000022e: SWAP1
0000022f: PUSH2 0x0335
00000232: JUMP
00000233: JUMPDEST
00000234: PUSH0
00000235: PUSH1 0x40
00000237: MLOAD
00000238: DUP1
00000239: DUP4
0000023a: SUB
0000023b: DUP2
0000023c: DUP6
0000023d: DUP8
0000023e: GAS
0000023f: CALL
00000240: SWAP3
00000241: POP
00000242: POP
00000243: POP
00000244: RETURNDATASIZE
00000245: DUP1
00000246: PUSH0
00000247: DUP2
00000248: EQ
00000249: PUSH2 0x026d
0000024c: JUMPI
0000024d: PUSH1 0x40
0000024f: MLOAD
00000250: SWAP2
00000251: POP
00000252: PUSH1 0x1f
00000254: NOT
00000255: PUSH1 0x3f
00000257: RETURNDATASIZE
00000258: ADD
00000259: AND
0000025a: DUP3
0000025b: ADD
0000025c: PUSH1 0x40
0000025e: MSTORE
0000025f: RETURNDATASIZE
00000260: DUP3
00000261: MSTORE
00000262: RETURNDATASIZE
00000263: PUSH0
00000264: PUSH1 0x20
00000266: DUP5
00000267: ADD
00000268: RETURNDATACOPY
00000269: PUSH2 0x0272
0000026c: JUMP
0000026d: JUMPDEST
0000026e: PUSH1 0x60
00000270: SWAP2
00000271: POP
00000272: JUMPDEST
00000273: POP
00000274: POP
00000275: SWAP1
00000276: POP
00000277: DUP1
00000278: PUSH2 0x02a9
0000027b: JUMPI
0000027c: PUSH1 0x40
0000027e: MLOAD
0000027f: PUSH3 0x461bcd
00000283: PUSH1 0xe5
00000285: SHL
00000286: DUP2
00000287: MSTORE
00000288: PUSH1 0x20
0000028a: PUSH1 0x04
0000028c: DUP3
0000028d: ADD
0000028e: MSTORE
0000028f: PUSH1 0x03
00000291: PUSH1 0x24
00000293: DUP3
00000294: ADD
00000295: MSTORE
00000296: PUSH3 0x535445
0000029a: PUSH1 0xe8
0000029c: SHL
0000029d: PUSH1 0x44
0000029f: DUP3
000002a0: ADD
000002a1: MSTORE
000002a2: PUSH1 0x64
000002a4: ADD
000002a5: PUSH2 0x0154
000002a8: JUMP
000002a9: JUMPDEST
000002aa: POP
000002ab: POP
000002ac: POP
000002ad: JUMP
000002ae: JUMPDEST
000002af: DUP1
000002b0: CALLDATALOAD
000002b1: PUSH1 0x01
000002b3: PUSH1 0x01
000002b5: PUSH1 0xa0
000002b7: SHL
000002b8: SUB
000002b9: DUP2
000002ba: AND
000002bb: DUP2
000002bc: EQ
000002bd: PUSH2 0x02c4
000002c0: JUMPI
000002c1: PUSH0
000002c2: DUP1
000002c3: REVERT
000002c4: JUMPDEST
000002c5: SWAP2
000002c6: SWAP1
000002c7: POP
000002c8: JUMP
000002c9: JUMPDEST
000002ca: PUSH0
000002cb: PUSH1 0x20
000002cd: DUP3
000002ce: DUP5
000002cf: SUB
000002d0: SLT
000002d1: ISZERO
000002d2: PUSH2 0x02d9
000002d5: JUMPI
000002d6: PUSH0
000002d7: DUP1
000002d8: REVERT
000002d9: JUMPDEST
000002da: PUSH2 0x02e2
000002dd: DUP3
000002de: PUSH2 0x02ae
000002e1: JUMP
000002e2: JUMPDEST
000002e3: SWAP4
000002e4: SWAP3
000002e5: POP
000002e6: POP
000002e7: POP
000002e8: JUMP
000002e9: JUMPDEST
000002ea: PUSH0
000002eb: DUP1
000002ec: PUSH1 0x40
000002ee: DUP4
000002ef: DUP6
000002f0: SUB
000002f1: SLT
000002f2: ISZERO
000002f3: PUSH2 0x02fa
000002f6: JUMPI
000002f7: PUSH0
000002f8: DUP1
000002f9: REVERT
000002fa: JUMPDEST
000002fb: PUSH2 0x0303
000002fe: DUP4
000002ff: PUSH2 0x02ae
00000302: JUMP
00000303: JUMPDEST
00000304: SWAP5
00000305: PUSH1 0x20
00000307: SWAP4
00000308: SWAP1
00000309: SWAP4
0000030a: ADD
0000030b: CALLDATALOAD
0000030c: SWAP4
0000030d: POP
0000030e: POP
0000030f: POP
00000310: JUMP
00000311: JUMPDEST
00000312: PUSH1 0x20
00000314: DUP1
00000315: DUP3
00000316: MSTORE
00000317: PUSH1 0x0a
00000319: SWAP1
0000031a: DUP3
0000031b: ADD
0000031c: MSTORE
0000031d: PUSH10 0x1b9bdd081c195c9b5a5d
00000328: PUSH1 0xb2
0000032a: SHL
0000032b: PUSH1 0x40
0000032d: DUP3
0000032e: ADD
0000032f: MSTORE
00000330: PUSH1 0x60
00000332: ADD
00000333: SWAP1
00000334: JUMP
00000335: JUMPDEST
00000336: PUSH0
00000337: DUP3
00000338: MLOAD
00000339: PUSH0
0000033a: JUMPDEST
0000033b: DUP2
0000033c: DUP2
0000033d: LT
0000033e: ISZERO
0000033f: PUSH2 0x0354
00000342: JUMPI
00000343: PUSH1 0x20
00000345: DUP2
00000346: DUP7
00000347: ADD
00000348: DUP2
00000349: ADD
0000034a: MLOAD
0000034b: DUP6
0000034c: DUP4
0000034d: ADD
0000034e: MSTORE
0000034f: ADD
00000350: PUSH2 0x033a
00000353: JUMP
00000354: JUMPDEST
00000355: POP
00000356: PUSH0
00000357: SWAP3
00000358: ADD
00000359: SWAP2
0000035a: DUP3
0000035b: MSTORE
0000035c: POP
0000035d: SWAP2
0000035e: SWAP1
0000035f: POP
00000360: JUMP
00000361: INVALID
00000362: LOG2
00000363: PUSH5 0x6970667358
00000369: UNKNOWN(0x22)
0000036a: SLT
0000036b: KECCAK256
0000036c: PUSH6 0x21a7c2deab23
00000373: PC
00000374: LOG2
00000375: UNKNOWN(0xBD)
00000376: ORIGIN
00000377: SWAP15
00000378: PUSH30 0x1d5e591b0146b8dfb7ccf3eab70a9e3e8a902c64736f6c63430008150033

View stderr

Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others

Severity	Category	Tool	Title	Confidence	Validated	Confirmed	Details
high	auth	detector	Authorization based on tx.origin	70	no	—	view validation_json { "reason": "missing sink mapping", "status": "no_sink" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x12065fe0", "selector": "0x12065fe0", "calldata_variants": [ "0x12065fe0", "0x12065fe00000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xba93ec29", "selector": "0xba93ec29", "calldata_variants": [ "0xba93ec29", "0xba93ec290000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xd0e30db0", "selector": "0xd0e30db0", "calldata_variants": [ "0xd0e30db0", "0xd0e30db00000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xe7b77f70", "selector": "0xe7b77f70", "calldata_variants": [ "0xe7b77f70", "0xe7b77f700000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xf3fef3a3", "selector": "0xf3fef3a3", "calldata_variants": [ "0xf3fef3a3", "0xf3fef3a30000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "guards_detected": [ { "pc": 886, "type": "tx_origin_used" } ] }
medium	other	detector	Untrusted CALL target/value reachable	45	no	no	view trace_id: 0xb7aa11c386063b95414dd2fcfa25da40daca99c5438aa1a326be3c555ce61505 call_targets: 0x9485711f11b17f73f2ccc8561bcae05bdc7e9ad9 target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0xb7aa11c386063b95414dd2fcfa25da40daca99c5438aa1a326be3c555ce61505", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0x9485711f11b17f73f2ccc8561bcae05bdc7e9ad9" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x12065fe0", "selector": "0x12065fe0", "calldata_variants": [ "0x12065fe0", "0x12065fe00000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xba93ec29", "selector": "0xba93ec29", "calldata_variants": [ "0xba93ec29", "0xba93ec290000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xd0e30db0", "selector": "0xd0e30db0", "calldata_variants": [ "0xd0e30db0", "0xd0e30db00000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xe7b77f70", "selector": "0xe7b77f70", "calldata_variants": [ "0xe7b77f70", "0xe7b77f700000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xf3fef3a3", "selector": "0xf3fef3a3", "calldata_variants": [ "0xf3fef3a3", "0xf3fef3a30000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "examples": [ { "pc": 575, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "call_count": 1, "guards_detected": [ { "pc": 886, "type": "tx_origin_used" } ], "untrusted_call_count": 1 }
medium	other	detector	ETH value transfer possible	40	no	no	view trace_id: 0xb7aa11c386063b95414dd2fcfa25da40daca99c5438aa1a326be3c555ce61505 call_targets: 0x9485711f11b17f73f2ccc8561bcae05bdc7e9ad9 target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0xb7aa11c386063b95414dd2fcfa25da40daca99c5438aa1a326be3c555ce61505", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0x9485711f11b17f73f2ccc8561bcae05bdc7e9ad9" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x12065fe0", "selector": "0x12065fe0", "calldata_variants": [ "0x12065fe0", "0x12065fe00000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xba93ec29", "selector": "0xba93ec29", "calldata_variants": [ "0xba93ec29", "0xba93ec290000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xd0e30db0", "selector": "0xd0e30db0", "calldata_variants": [ "0xd0e30db0", "0xd0e30db00000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xe7b77f70", "selector": "0xe7b77f70", "calldata_variants": [ "0xe7b77f70", "0xe7b77f700000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xf3fef3a3", "selector": "0xf3fef3a3", "calldata_variants": [ "0xf3fef3a3", "0xf3fef3a30000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "examples": [ { "pc": 575, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "eth_value_calls": 1, "guards_detected": [ { "pc": 886, "type": "tx_origin_used" } ] }

Severity

Category

Tool

Title

Confidence

Validated

Confirmed

Details

high

auth

detector

Authorization based on tx.origin

70

no

—

view

validation_json

{
    "reason": "missing sink mapping",
    "status": "no_sink"
}

witness_json

{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x12065fe0",
            "selector": "0x12065fe0",
            "calldata_variants": [
                "0x12065fe0",
                "0x12065fe00000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xba93ec29",
            "selector": "0xba93ec29",
            "calldata_variants": [
                "0xba93ec29",
                "0xba93ec290000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xd0e30db0",
            "selector": "0xd0e30db0",
            "calldata_variants": [
                "0xd0e30db0",
                "0xd0e30db00000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe7b77f70",
            "selector": "0xe7b77f70",
            "calldata_variants": [
                "0xe7b77f70",
                "0xe7b77f700000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf3fef3a3",
            "selector": "0xf3fef3a3",
            "calldata_variants": [
                "0xf3fef3a3",
                "0xf3fef3a30000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}

evidence_json

{
    "guards_detected": [
        {
            "pc": 886,
            "type": "tx_origin_used"
        }
    ]
}

medium

other

detector

Untrusted CALL target/value reachable

45

no

view

trace_id: 0xb7aa11c386063b95414dd2fcfa25da40daca99c5438aa1a326be3c555ce61505

call_targets: 0x9485711f11b17f73f2ccc8561bcae05bdc7e9ad9

target_varies: no

classification: constant_target

validation_json

{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xb7aa11c386063b95414dd2fcfa25da40daca99c5438aa1a326be3c555ce61505",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x9485711f11b17f73f2ccc8561bcae05bdc7e9ad9"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}

witness_json

{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x12065fe0",
            "selector": "0x12065fe0",
            "calldata_variants": [
                "0x12065fe0",
                "0x12065fe00000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xba93ec29",
            "selector": "0xba93ec29",
            "calldata_variants": [
                "0xba93ec29",
                "0xba93ec290000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xd0e30db0",
            "selector": "0xd0e30db0",
            "calldata_variants": [
                "0xd0e30db0",
                "0xd0e30db00000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe7b77f70",
            "selector": "0xe7b77f70",
            "calldata_variants": [
                "0xe7b77f70",
                "0xe7b77f700000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf3fef3a3",
            "selector": "0xf3fef3a3",
            "calldata_variants": [
                "0xf3fef3a3",
                "0xf3fef3a30000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}

evidence_json

{
    "examples": [
        {
            "pc": 575,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 1,
    "guards_detected": [
        {
            "pc": 886,
            "type": "tx_origin_used"
        }
    ],
    "untrusted_call_count": 1
}

medium

other

detector

ETH value transfer possible

40

no

view

trace_id: 0xb7aa11c386063b95414dd2fcfa25da40daca99c5438aa1a326be3c555ce61505

call_targets: 0x9485711f11b17f73f2ccc8561bcae05bdc7e9ad9

target_varies: no

classification: constant_target

validation_json

{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xb7aa11c386063b95414dd2fcfa25da40daca99c5438aa1a326be3c555ce61505",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x9485711f11b17f73f2ccc8561bcae05bdc7e9ad9"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}

witness_json

{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x12065fe0",
            "selector": "0x12065fe0",
            "calldata_variants": [
                "0x12065fe0",
                "0x12065fe00000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xba93ec29",
            "selector": "0xba93ec29",
            "calldata_variants": [
                "0xba93ec29",
                "0xba93ec290000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xd0e30db0",
            "selector": "0xd0e30db0",
            "calldata_variants": [
                "0xd0e30db0",
                "0xd0e30db00000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe7b77f70",
            "selector": "0xe7b77f70",
            "calldata_variants": [
                "0xe7b77f70",
                "0xe7b77f700000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf3fef3a3",
            "selector": "0xf3fef3a3",
            "calldata_variants": [
                "0xf3fef3a3",
                "0xf3fef3a30000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}

evidence_json

{
    "examples": [
        {
            "pc": 575,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 1,
    "guards_detected": [
        {
            "pc": 886,
            "type": "tx_origin_used"
        }
    ]
}