Analysis Run

019b3844-acc7-7150-b04c-10bb3adac1c8

complete

Chain ID

1

Address

0x48af88381e04a46484a7503cda6ea5cef97b8c22

Block Number

—

Created

Fri, Dec 19, 2025 8:19 PM

Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract

Confirmed

0

Validated

0

Source

Bytecode only

Review Backing

Not yet

Best current signal

Untrusted DELEGATECALL target reachable

crit 0 high 0 direct contract

Review Checklist

1. Read the findings table first. Ignore raw jobs until the result looks real.

2. Confirm attacker control, not just the existence of a sink.

3. Confirm money or privilege impact.

4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts

ID	Type	Status	Attempts	Heartbeat
17469	artifact.fetch	complete	1 / 3	4 months ago
17470	tool.cast_disasm	complete	1 / 3	4 months ago
87044	analysis.bundle	complete	1 / 3	2 weeks ago
87045	capability.graph	complete	1 / 3	2 weeks ago
87046	detector.run	complete	1 / 3	2 weeks ago
87047	validation.fork	complete	1 / 3	2 weeks ago

Artifact

Runtime bytecode: available

Creation TX: —

Deployer: —

Proxy: no

Implementation:

—

Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm

Delegatecall

1

Selfdestruct

0

CREATE2

0

CALL-family (heavy)

0

EXT*/BALANCE

0

Total opcodes

132

Flags

delegatecall_present

View cast disassembly output

00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: PUSH1 0x10
00000008: JUMPI
00000009: PUSH1 0x0e
0000000b: PUSH1 0x18
0000000d: JUMP
0000000e: JUMPDEST
0000000f: STOP
00000010: JUMPDEST
00000011: PUSH1 0x16
00000013: PUSH1 0x18
00000015: JUMP
00000016: JUMPDEST
00000017: STOP
00000018: JUMPDEST
00000019: PUSH1 0x1e
0000001b: PUSH1 0x2c
0000001d: JUMP
0000001e: JUMPDEST
0000001f: PUSH1 0x2a
00000021: PUSH1 0x26
00000023: PUSH1 0x2e
00000025: JUMP
00000026: JUMPDEST
00000027: PUSH1 0x3a
00000029: JUMP
0000002a: JUMPDEST
0000002b: JUMP
0000002c: JUMPDEST
0000002d: JUMP
0000002e: JUMPDEST
0000002f: PUSH0
00000030: PUSH1 0x35
00000032: PUSH1 0x58
00000034: JUMP
00000035: JUMPDEST
00000036: SWAP1
00000037: POP
00000038: SWAP1
00000039: JUMP
0000003a: JUMPDEST
0000003b: CALLDATASIZE
0000003c: PUSH0
0000003d: DUP1
0000003e: CALLDATACOPY
0000003f: PUSH0
00000040: DUP1
00000041: CALLDATASIZE
00000042: PUSH0
00000043: DUP5
00000044: GAS
00000045: DELEGATECALL
00000046: RETURNDATASIZE
00000047: PUSH0
00000048: DUP1
00000049: RETURNDATACOPY
0000004a: DUP1
0000004b: PUSH0
0000004c: DUP2
0000004d: EQ
0000004e: PUSH1 0x54
00000050: JUMPI
00000051: RETURNDATASIZE
00000052: PUSH0
00000053: RETURN
00000054: JUMPDEST
00000055: RETURNDATASIZE
00000056: PUSH0
00000057: REVERT
00000058: JUMPDEST
00000059: PUSH0
0000005a: PUSH1 0x82
0000005c: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
0000007d: PUSH0
0000007e: SHL
0000007f: PUSH1 0xa9
00000081: JUMP
00000082: JUMPDEST
00000083: PUSH0
00000084: ADD
00000085: PUSH0
00000086: SWAP1
00000087: SLOAD
00000088: SWAP1
00000089: PUSH2 0x0100
0000008c: EXP
0000008d: SWAP1
0000008e: DIV
0000008f: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000a4: AND
000000a5: SWAP1
000000a6: POP
000000a7: SWAP1
000000a8: JUMP
000000a9: JUMPDEST
000000aa: PUSH0
000000ab: DUP2
000000ac: SWAP1
000000ad: POP
000000ae: SWAP2
000000af: SWAP1
000000b0: POP
000000b1: JUMP
000000b2: INVALID
000000b3: LOG2
000000b4: PUSH5 0x6970667358
000000ba: UNKNOWN(0x22)
000000bb: SLT
000000bc: KECCAK256
000000bd: SELFBALANCE
000000be: CALLDATACOPY
000000bf: UNKNOWN(0xBC)
000000c0: PUSH18 0x87c1fda3078c06ebc2898a2ae878f583a71a
000000d3: ISZERO
000000d4: SMOD
000000d5: JUMPI
000000d6: ORIGIN
000000d7: UNKNOWN(0xB8)
000000d8: DUP12
000000d9: UNKNOWN(0x0E)
000000da: UNKNOWN(0xDA)
000000db: TSTORE
000000dc: UNKNOWN(0x4D)
000000dd: PUSH5 0x736f6c6343
000000e3: STOP
000000e4: ADDMOD
000000e5: ISZERO
000000e6: STOP
000000e7: CALLER

View stderr

Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others

Severity	Category	Tool	Title	Confidence	Validated	Confirmed	Details
high	upgradeability	detector	Untrusted DELEGATECALL target reachable	55	no	no	view trace_id: 0xf25bacbb4e31a28a764ad750324cc081a13cb669c9e1011c382857f63e8d5c5d call_targets: 0x134ede251322ac66ceaf97dddc0031b2f59f5b88 target_varies: no classification: constant_target validation_json { "sink": "DELEGATECALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0xf25bacbb4e31a28a764ad750324cc081a13cb669c9e1011c382857f63e8d5c5d", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0x134ede251322ac66ceaf97dddc0031b2f59f5b88" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x", "selector": "fallback", "calldata_variants": [ "0x" ] } ] } evidence_json { "examples": [ { "pc": 69, "opcode": "DELEGATECALL", "returndata_checked": null, "value_expression_category": "n/a", "target_expression_category": "computed" } ], "guards_detected": [ { "pc": 214, "type": "tx_origin_used" } ], "delegatecall_count": 1, "untrusted_delegatecall_count": 1 }
high	auth	detector	Authorization based on tx.origin	70	no	—	view validation_json { "reason": "missing sink mapping", "status": "no_sink" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x", "selector": "fallback", "calldata_variants": [ "0x" ] } ] } evidence_json { "guards_detected": [ { "pc": 214, "type": "tx_origin_used" } ] }

Severity

Category

Tool

Title

Confidence

Validated

Confirmed

Details

high

upgradeability

detector

Untrusted DELEGATECALL target reachable

55

no

view

trace_id: 0xf25bacbb4e31a28a764ad750324cc081a13cb669c9e1011c382857f63e8d5c5d

call_targets: 0x134ede251322ac66ceaf97dddc0031b2f59f5b88

target_varies: no

classification: constant_target

validation_json

{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xf25bacbb4e31a28a764ad750324cc081a13cb669c9e1011c382857f63e8d5c5d",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x134ede251322ac66ceaf97dddc0031b2f59f5b88"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}

witness_json

{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x",
            "selector": "fallback",
            "calldata_variants": [
                "0x"
            ]
        }
    ]
}

evidence_json

{
    "examples": [
        {
            "pc": 69,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [
        {
            "pc": 214,
            "type": "tx_origin_used"
        }
    ],
    "delegatecall_count": 1,
    "untrusted_delegatecall_count": 1
}