TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3844-aa28-70c4-a951-6e8ba57b5d63

complete
Chain ID
1
Address
0x0ad1b3766f572c71cdfc4073f3effe1bbf129385
Block Number
Created
Fri, Dec 19, 2025 8:19 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
17011 artifact.fetch complete 1 / 3 3 months ago
17012 tool.cast_disasm complete 1 / 3 3 months ago
60214 analysis.bundle complete 1 / 3 1 week ago
60215 capability.graph complete 1 / 3 1 week ago
60216 detector.run complete 1 / 3 1 week ago
60217 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
1
CALL-family (heavy)
3
EXT*/BALANCE
2
Total opcodes
431
Flags
create_opcodes_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x002d
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH1 0xe0
00000012: SHR
00000013: DUP1
00000014: PUSH4 0x75e68502
00000019: EQ
0000001a: PUSH2 0x0036
0000001d: JUMPI
0000001e: DUP1
0000001f: PUSH4 0xcbbf7280
00000024: EQ
00000025: PUSH2 0x007e
00000028: JUMPI
00000029: PUSH2 0x0034
0000002c: JUMP
0000002d: JUMPDEST
0000002e: CALLDATASIZE
0000002f: PUSH2 0x0034
00000032: JUMPI
00000033: STOP
00000034: JUMPDEST
00000035: STOP
00000036: JUMPDEST
00000037: CALLVALUE
00000038: DUP1
00000039: ISZERO
0000003a: PUSH2 0x0042
0000003d: JUMPI
0000003e: PUSH1 0x00
00000040: DUP1
00000041: REVERT
00000042: JUMPDEST
00000043: POP
00000044: PUSH2 0x0034
00000047: PUSH1 0x04
00000049: DUP1
0000004a: CALLDATASIZE
0000004b: SUB
0000004c: PUSH1 0x40
0000004e: DUP2
0000004f: LT
00000050: ISZERO
00000051: PUSH2 0x0059
00000054: JUMPI
00000055: PUSH1 0x00
00000057: DUP1
00000058: REVERT
00000059: JUMPDEST
0000005a: POP
0000005b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000070: DUP2
00000071: CALLDATALOAD
00000072: DUP2
00000073: AND
00000074: SWAP2
00000075: PUSH1 0x20
00000077: ADD
00000078: CALLDATALOAD
00000079: AND
0000007a: PUSH2 0x00be
0000007d: JUMP
0000007e: JUMPDEST
0000007f: CALLVALUE
00000080: DUP1
00000081: ISZERO
00000082: PUSH2 0x008a
00000085: JUMPI
00000086: PUSH1 0x00
00000088: DUP1
00000089: REVERT
0000008a: JUMPDEST
0000008b: POP
0000008c: PUSH2 0x0034
0000008f: PUSH1 0x04
00000091: DUP1
00000092: CALLDATASIZE
00000093: SUB
00000094: PUSH1 0x20
00000096: DUP2
00000097: LT
00000098: ISZERO
00000099: PUSH2 0x00a1
0000009c: JUMPI
0000009d: PUSH1 0x00
0000009f: DUP1
000000a0: REVERT
000000a1: JUMPDEST
000000a2: POP
000000a3: CALLDATALOAD
000000a4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000b9: AND
000000ba: PUSH2 0x028b
000000bd: JUMP
000000be: JUMPDEST
000000bf: CALLER
000000c0: PUSH20 0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0
000000d5: EQ
000000d6: PUSH2 0x0140
000000d9: JUMPI
000000da: PUSH1 0x40
000000dc: DUP1
000000dd: MLOAD
000000de: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
000000ff: DUP2
00000100: MSTORE
00000101: PUSH1 0x20
00000103: PUSH1 0x04
00000105: DUP3
00000106: ADD
00000107: MSTORE
00000108: PUSH1 0x16
0000010a: PUSH1 0x24
0000010c: DUP3
0000010d: ADD
0000010e: MSTORE
0000010f: PUSH32 0x54782073656e646572206973206e6f74206f776e657200000000000000000000
00000130: PUSH1 0x44
00000132: DUP3
00000133: ADD
00000134: MSTORE
00000135: SWAP1
00000136: MLOAD
00000137: SWAP1
00000138: DUP2
00000139: SWAP1
0000013a: SUB
0000013b: PUSH1 0x64
0000013d: ADD
0000013e: SWAP1
0000013f: REVERT
00000140: JUMPDEST
00000141: PUSH1 0x40
00000143: DUP1
00000144: MLOAD
00000145: PUSH32 0x70a0823100000000000000000000000000000000000000000000000000000000
00000166: DUP2
00000167: MSTORE
00000168: ADDRESS
00000169: PUSH1 0x04
0000016b: DUP3
0000016c: ADD
0000016d: MSTORE
0000016e: SWAP1
0000016f: MLOAD
00000170: DUP4
00000171: SWAP2
00000172: PUSH1 0x00
00000174: SWAP2
00000175: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000018a: DUP5
0000018b: AND
0000018c: SWAP2
0000018d: PUSH4 0x70a08231
00000192: SWAP2
00000193: PUSH1 0x24
00000195: DUP1
00000196: DUP4
00000197: ADD
00000198: SWAP3
00000199: PUSH1 0x20
0000019b: SWAP3
0000019c: SWAP2
0000019d: SWAP1
0000019e: DUP3
0000019f: SWAP1
000001a0: SUB
000001a1: ADD
000001a2: DUP2
000001a3: DUP7
000001a4: DUP1
000001a5: EXTCODESIZE
000001a6: ISZERO
000001a7: DUP1
000001a8: ISZERO
000001a9: PUSH2 0x01b1
000001ac: JUMPI
000001ad: PUSH1 0x00
000001af: DUP1
000001b0: REVERT
000001b1: JUMPDEST
000001b2: POP
000001b3: GAS
000001b4: STATICCALL
000001b5: ISZERO
000001b6: DUP1
000001b7: ISZERO
000001b8: PUSH2 0x01c5
000001bb: JUMPI
000001bc: RETURNDATASIZE
000001bd: PUSH1 0x00
000001bf: DUP1
000001c0: RETURNDATACOPY
000001c1: RETURNDATASIZE
000001c2: PUSH1 0x00
000001c4: REVERT
000001c5: JUMPDEST
000001c6: POP
000001c7: POP
000001c8: POP
000001c9: POP
000001ca: PUSH1 0x40
000001cc: MLOAD
000001cd: RETURNDATASIZE
000001ce: PUSH1 0x20
000001d0: DUP2
000001d1: LT
000001d2: ISZERO
000001d3: PUSH2 0x01db
000001d6: JUMPI
000001d7: PUSH1 0x00
000001d9: DUP1
000001da: REVERT
000001db: JUMPDEST
000001dc: POP
000001dd: MLOAD
000001de: PUSH1 0x40
000001e0: DUP1
000001e1: MLOAD
000001e2: PUSH32 0xa9059cbb00000000000000000000000000000000000000000000000000000000
00000203: DUP2
00000204: MSTORE
00000205: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000021a: DUP7
0000021b: DUP2
0000021c: AND
0000021d: PUSH1 0x04
0000021f: DUP4
00000220: ADD
00000221: MSTORE
00000222: PUSH1 0x24
00000224: DUP3
00000225: ADD
00000226: DUP5
00000227: SWAP1
00000228: MSTORE
00000229: SWAP2
0000022a: MLOAD
0000022b: SWAP3
0000022c: SWAP4
0000022d: POP
0000022e: SWAP1
0000022f: DUP5
00000230: AND
00000231: SWAP2
00000232: PUSH4 0xa9059cbb
00000237: SWAP2
00000238: PUSH1 0x44
0000023a: DUP1
0000023b: DUP3
0000023c: ADD
0000023d: SWAP3
0000023e: PUSH1 0x20
00000240: SWAP3
00000241: SWAP1
00000242: SWAP2
00000243: SWAP1
00000244: DUP3
00000245: SWAP1
00000246: SUB
00000247: ADD
00000248: DUP2
00000249: PUSH1 0x00
0000024b: DUP8
0000024c: DUP1
0000024d: EXTCODESIZE
0000024e: ISZERO
0000024f: DUP1
00000250: ISZERO
00000251: PUSH2 0x0259
00000254: JUMPI
00000255: PUSH1 0x00
00000257: DUP1
00000258: REVERT
00000259: JUMPDEST
0000025a: POP
0000025b: GAS
0000025c: CALL
0000025d: ISZERO
0000025e: DUP1
0000025f: ISZERO
00000260: PUSH2 0x026d
00000263: JUMPI
00000264: RETURNDATASIZE
00000265: PUSH1 0x00
00000267: DUP1
00000268: RETURNDATACOPY
00000269: RETURNDATASIZE
0000026a: PUSH1 0x00
0000026c: REVERT
0000026d: JUMPDEST
0000026e: POP
0000026f: POP
00000270: POP
00000271: POP
00000272: PUSH1 0x40
00000274: MLOAD
00000275: RETURNDATASIZE
00000276: PUSH1 0x20
00000278: DUP2
00000279: LT
0000027a: ISZERO
0000027b: PUSH2 0x0283
0000027e: JUMPI
0000027f: PUSH1 0x00
00000281: DUP1
00000282: REVERT
00000283: JUMPDEST
00000284: POP
00000285: POP
00000286: POP
00000287: POP
00000288: POP
00000289: POP
0000028a: JUMP
0000028b: JUMPDEST
0000028c: CALLER
0000028d: PUSH20 0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0
000002a2: EQ
000002a3: PUSH2 0x030d
000002a6: JUMPI
000002a7: PUSH1 0x40
000002a9: DUP1
000002aa: MLOAD
000002ab: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
000002cc: DUP2
000002cd: MSTORE
000002ce: PUSH1 0x20
000002d0: PUSH1 0x04
000002d2: DUP3
000002d3: ADD
000002d4: MSTORE
000002d5: PUSH1 0x16
000002d7: PUSH1 0x24
000002d9: DUP3
000002da: ADD
000002db: MSTORE
000002dc: PUSH32 0x54782073656e646572206973206e6f74206f776e657200000000000000000000
000002fd: PUSH1 0x44
000002ff: DUP3
00000300: ADD
00000301: MSTORE
00000302: SWAP1
00000303: MLOAD
00000304: SWAP1
00000305: DUP2
00000306: SWAP1
00000307: SUB
00000308: PUSH1 0x64
0000030a: ADD
0000030b: SWAP1
0000030c: REVERT
0000030d: JUMPDEST
0000030e: PUSH1 0x40
00000310: MLOAD
00000311: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000326: DUP3
00000327: AND
00000328: SWAP1
00000329: SELFBALANCE
0000032a: DUP1
0000032b: ISZERO
0000032c: PUSH2 0x08fc
0000032f: MUL
00000330: SWAP2
00000331: PUSH1 0x00
00000333: DUP2
00000334: DUP2
00000335: DUP2
00000336: DUP6
00000337: DUP9
00000338: DUP9
00000339: CALL
0000033a: SWAP4
0000033b: POP
0000033c: POP
0000033d: POP
0000033e: POP
0000033f: ISZERO
00000340: DUP1
00000341: ISZERO
00000342: PUSH2 0x034f
00000345: JUMPI
00000346: RETURNDATASIZE
00000347: PUSH1 0x00
00000349: DUP1
0000034a: RETURNDATACOPY
0000034b: RETURNDATASIZE
0000034c: PUSH1 0x00
0000034e: REVERT
0000034f: JUMPDEST
00000350: POP
00000351: POP
00000352: JUMP
00000353: INVALID
00000354: LOG2
00000355: PUSH5 0x6970667358
0000035b: UNKNOWN(0x22)
0000035c: SLT
0000035d: KECCAK256
0000035e: SELFBALANCE
0000035f: ISZERO
00000360: JUMPDEST
00000361: PUSH5 0xaed62fd62b
00000367: UNKNOWN(0xCA)
00000368: MSTORE
00000369: UNKNOWN(0x26)
0000036a: DUP1
0000036b: UNKNOWN(0xE9)
0000036c: DIV
0000036d: SSTORE
0000036e: UNKNOWN(0xB1)
0000036f: UNKNOWN(0x24)
00000370: UNKNOWN(0xC7)
00000371: CREATE2
00000372: MLOAD
00000373: UNKNOWN(0xA7)
00000374: TLOAD
00000375: DUP11
00000376: CALLDATACOPY
00000377: DUP1
00000378: CODESIZE
00000379: PUSH21
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
medium other detector Untrusted CALL target/value reachable 45 no no
view
trace_id: 0x52409e5c3c20809861416d670682541c59c61415a947e3b21ef7d27803fe287e
call_targets: 0x0ad1b3766f572c71cdfc4073f3effe1bbf129385
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x52409e5c3c20809861416d670682541c59c61415a947e3b21ef7d27803fe287e",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x0ad1b3766f572c71cdfc4073f3effe1bbf129385"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x75e68502",
            "selector": "0x75e68502",
            "calldata_variants": [
                "0x75e68502",
                "0x75e685020000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xcbbf7280",
            "selector": "0xcbbf7280",
            "calldata_variants": [
                "0xcbbf7280",
                "0xcbbf72800000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 604,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 825,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 2,
    "guards_detected": [
        {
            "pc": 213,
            "type": "msg_sender_eq_const",
            "value": 2.1970430717470183e+47
        },
        {
            "pc": 674,
            "type": "msg_sender_eq_const",
            "value": 2.1970430717470183e+47
        },
        {
            "pc": 191,
            "type": "msg_sender_eq_const",
            "value": "0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0"
        },
        {
            "pc": 652,
            "type": "msg_sender_eq_const",
            "value": "0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0"
        }
    ],
    "untrusted_call_count": 2
}
medium other detector ETH value transfer possible 40 no no
view
trace_id: 0x52409e5c3c20809861416d670682541c59c61415a947e3b21ef7d27803fe287e
call_targets: 0x0ad1b3766f572c71cdfc4073f3effe1bbf129385
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x52409e5c3c20809861416d670682541c59c61415a947e3b21ef7d27803fe287e",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x0ad1b3766f572c71cdfc4073f3effe1bbf129385"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x75e68502",
            "selector": "0x75e68502",
            "calldata_variants": [
                "0x75e68502",
                "0x75e685020000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xcbbf7280",
            "selector": "0xcbbf7280",
            "calldata_variants": [
                "0xcbbf7280",
                "0xcbbf72800000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 604,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 825,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 2,
    "guards_detected": [
        {
            "pc": 213,
            "type": "msg_sender_eq_const",
            "value": 2.1970430717470183e+47
        },
        {
            "pc": 674,
            "type": "msg_sender_eq_const",
            "value": 2.1970430717470183e+47
        },
        {
            "pc": 191,
            "type": "msg_sender_eq_const",
            "value": "0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0"
        },
        {
            "pc": 652,
            "type": "msg_sender_eq_const",
            "value": "0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0"
        }
    ]
}
medium other detector CREATE/CREATE2 reachable 45 no no
view
trace_id: 0x7e307295c8aa936bd1458aba9d7dd46b077c81f6914a269894c4b6cdf01c123c
validation_json 
{
    "sink": "CREATE",
    "errors": 0,
    "status": "unknown",
    "attempts": 4,
    "trace_id": "0x7e307295c8aa936bd1458aba9d7dd46b077c81f6914a269894c4b6cdf01c123c",
    "confirmed": false,
    "trace_mode": "structLogs",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x75e68502",
            "selector": "0x75e68502",
            "calldata_variants": [
                "0x75e68502",
                "0x75e685020000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xcbbf7280",
            "selector": "0xcbbf7280",
            "calldata_variants": [
                "0xcbbf7280",
                "0xcbbf72800000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "create_count": 0,
    "create2_count": 1
}