TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3844-af0c-705f-9823-e871d143b467

complete
Chain ID
1
Address
0x4315990d9eeaffdfafd49958b4851f203fa1126f
Block Number
Created
Fri, Dec 19, 2025 8:19 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
17893 artifact.fetch complete 1 / 3 3 months ago
17894 tool.cast_disasm complete 1 / 3 3 months ago
61566 analysis.bundle complete 1 / 3 1 week ago
61567 capability.graph complete 1 / 3 1 week ago
61568 detector.run complete 1 / 3 1 week ago
61569 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
1
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
0
EXT*/BALANCE
0
Total opcodes
204
Flags
delegatecall_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: PUSH2 0x000b
00000009: JUMPI
0000000a: STOP
0000000b: JUMPDEST
0000000c: PUSH1 0x00
0000000e: DUP1
0000000f: PUSH32 0xc8fcad8db84d3cc18b4c41d551ea0ee66dd599cde068d998e57d5e09332c131c
00000030: SWAP1
00000031: POP
00000032: DUP1
00000033: SWAP2
00000034: POP
00000035: PUSH1 0x00
00000037: DUP3
00000038: PUSH1 0x00
0000003a: ADD
0000003b: PUSH1 0x00
0000003d: DUP1
0000003e: CALLDATALOAD
0000003f: PUSH32 0xffffffff00000000000000000000000000000000000000000000000000000000
00000060: AND
00000061: PUSH28 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffff
0000007e: NOT
0000007f: AND
00000080: PUSH28 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffff
0000009d: NOT
0000009e: AND
0000009f: DUP2
000000a0: MSTORE
000000a1: PUSH1 0x20
000000a3: ADD
000000a4: SWAP1
000000a5: DUP2
000000a6: MSTORE
000000a7: PUSH1 0x20
000000a9: ADD
000000aa: PUSH1 0x00
000000ac: KECCAK256
000000ad: PUSH1 0x00
000000af: ADD
000000b0: PUSH1 0x00
000000b2: SWAP1
000000b3: SLOAD
000000b4: SWAP1
000000b5: PUSH2 0x0100
000000b8: EXP
000000b9: SWAP1
000000ba: DIV
000000bb: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000d0: AND
000000d1: SWAP1
000000d2: POP
000000d3: PUSH1 0x00
000000d5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000ea: AND
000000eb: DUP2
000000ec: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000101: AND
00000102: SUB
00000103: PUSH2 0x0141
00000106: JUMPI
00000107: PUSH1 0x40
00000109: MLOAD
0000010a: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
0000012b: DUP2
0000012c: MSTORE
0000012d: PUSH1 0x04
0000012f: ADD
00000130: PUSH2 0x0138
00000133: SWAP1
00000134: PUSH2 0x01c4
00000137: JUMP
00000138: JUMPDEST
00000139: PUSH1 0x40
0000013b: MLOAD
0000013c: DUP1
0000013d: SWAP2
0000013e: SUB
0000013f: SWAP1
00000140: REVERT
00000141: JUMPDEST
00000142: CALLDATASIZE
00000143: PUSH1 0x00
00000145: DUP1
00000146: CALLDATACOPY
00000147: PUSH1 0x00
00000149: DUP1
0000014a: CALLDATASIZE
0000014b: PUSH1 0x00
0000014d: DUP5
0000014e: GAS
0000014f: DELEGATECALL
00000150: RETURNDATASIZE
00000151: PUSH1 0x00
00000153: DUP1
00000154: RETURNDATACOPY
00000155: DUP1
00000156: PUSH1 0x00
00000158: DUP2
00000159: EQ
0000015a: PUSH2 0x0162
0000015d: JUMPI
0000015e: RETURNDATASIZE
0000015f: PUSH1 0x00
00000161: RETURN
00000162: JUMPDEST
00000163: RETURNDATASIZE
00000164: PUSH1 0x00
00000166: REVERT
00000167: JUMPDEST
00000168: PUSH1 0x00
0000016a: DUP3
0000016b: DUP3
0000016c: MSTORE
0000016d: PUSH1 0x20
0000016f: DUP3
00000170: ADD
00000171: SWAP1
00000172: POP
00000173: SWAP3
00000174: SWAP2
00000175: POP
00000176: POP
00000177: JUMP
00000178: JUMPDEST
00000179: PUSH32 0x4469616d6f6e643a2046756e6374696f6e20646f6573206e6f74206578697374
0000019a: PUSH1 0x00
0000019c: DUP3
0000019d: ADD
0000019e: MSTORE
0000019f: POP
000001a0: JUMP
000001a1: JUMPDEST
000001a2: PUSH1 0x00
000001a4: PUSH2 0x01ae
000001a7: PUSH1 0x20
000001a9: DUP4
000001aa: PUSH2 0x0167
000001ad: JUMP
000001ae: JUMPDEST
000001af: SWAP2
000001b0: POP
000001b1: PUSH2 0x01b9
000001b4: DUP3
000001b5: PUSH2 0x0178
000001b8: JUMP
000001b9: JUMPDEST
000001ba: PUSH1 0x20
000001bc: DUP3
000001bd: ADD
000001be: SWAP1
000001bf: POP
000001c0: SWAP2
000001c1: SWAP1
000001c2: POP
000001c3: JUMP
000001c4: JUMPDEST
000001c5: PUSH1 0x00
000001c7: PUSH1 0x20
000001c9: DUP3
000001ca: ADD
000001cb: SWAP1
000001cc: POP
000001cd: DUP2
000001ce: DUP2
000001cf: SUB
000001d0: PUSH1 0x00
000001d2: DUP4
000001d3: ADD
000001d4: MSTORE
000001d5: PUSH2 0x01dd
000001d8: DUP2
000001d9: PUSH2 0x01a1
000001dc: JUMP
000001dd: JUMPDEST
000001de: SWAP1
000001df: POP
000001e0: SWAP2
000001e1: SWAP1
000001e2: POP
000001e3: JUMP
000001e4: INVALID
000001e5: LOG2
000001e6: PUSH5 0x6970667358
000001ec: UNKNOWN(0x22)
000001ed: SLT
000001ee: KECCAK256
000001ef: BASEFEE
000001f0: SWAP8
000001f1: ADD
000001f2: SWAP5
000001f3: CALLVALUE
000001f4: UNKNOWN(0xB4)
000001f5: CALLDATACOPY
000001f6: PUSH30 0x0294d051161153584bc9b27bea1602d4501b4ca5249fd14a64736f6c6343
00000215: STOP
00000216: ADDMOD
00000217: XOR
00000218: STOP
00000219: CALLER
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
critical upgradeability detector Untrusted DELEGATECALL target reachable 70 no no
view
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 10,
    "status": "unknown",
    "attempts": 11,
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x",
            "selector": "fallback",
            "calldata_variants": [
                "0x"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 335,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [],
    "delegatecall_count": 1,
    "untrusted_delegatecall_count": 1
}