019b3844-af65-71c6-acc4-bfdbaaf2add3
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 17959 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 17960 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 61734 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 61735 | capability.graph | complete | 1 / 3 | 1 week ago |
| 61736 | detector.run | complete | 1 / 3 | 1 week ago |
| 61737 | validation.fork | complete | 1 / 3 | 1 week ago |
No slither job recorded yet.
No codex job recorded yet.
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: DUP2 00000005: DUP2 00000006: MSTORE 00000007: PUSH1 0x04 00000009: SWAP2 0000000a: DUP3 0000000b: CALLDATASIZE 0000000c: LT 0000000d: ISZERO 0000000e: PUSH2 0x0022 00000011: JUMPI 00000012: JUMPDEST 00000013: POP 00000014: POP 00000015: POP 00000016: CALLDATASIZE 00000017: ISZERO 00000018: PUSH2 0x0020 0000001b: JUMPI 0000001c: PUSH1 0x00 0000001e: DUP1 0000001f: REVERT 00000020: JUMPDEST 00000021: STOP 00000022: JUMPDEST 00000023: PUSH1 0x00 00000025: SWAP3 00000026: DUP4 00000027: CALLDATALOAD 00000028: PUSH1 0xe0 0000002a: SHR 0000002b: SWAP2 0000002c: DUP3 0000002d: PUSH4 0x338c5371 00000032: EQ 00000033: PUSH2 0x02df 00000036: JUMPI 00000037: POP 00000038: DUP2 00000039: PUSH4 0x9bb66b28 0000003e: EQ 0000003f: PUSH2 0x00ae 00000042: JUMPI 00000043: POP 00000044: PUSH4 0xe905182a 00000049: EQ 0000004a: PUSH2 0x0053 0000004d: JUMPI 0000004e: DUP1 0000004f: PUSH2 0x0012 00000052: JUMP 00000053: JUMPDEST 00000054: CALLVALUE 00000055: PUSH2 0x00aa 00000058: JUMPI 00000059: DUP2 0000005a: PUSH32 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc 0000007b: CALLDATASIZE 0000007c: ADD 0000007d: SLT 0000007e: PUSH2 0x00aa 00000081: JUMPI 00000082: PUSH1 0x20 00000084: SWAP1 00000085: MLOAD 00000086: PUSH32 0x81c5ab2571199e3188135178f3c2c8e2d268be1313d029b30f534fa579b69b79 000000a7: DUP2 000000a8: MSTORE 000000a9: RETURN 000000aa: JUMPDEST 000000ab: POP 000000ac: DUP1 000000ad: REVERT 000000ae: JUMPDEST 000000af: DUP3 000000b0: DUP5 000000b1: CALLVALUE 000000b2: PUSH2 0x02dc 000000b5: JUMPI 000000b6: DUP2 000000b7: PUSH32 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc 000000d8: CALLDATASIZE 000000d9: ADD 000000da: SLT 000000db: PUSH2 0x02dc 000000de: JUMPI 000000df: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000000f4: SWAP3 000000f5: DUP1 000000f6: CALLDATALOAD 000000f7: DUP5 000000f8: DUP2 000000f9: AND 000000fa: DUP2 000000fb: SUB 000000fc: PUSH2 0x02d8 000000ff: JUMPI 00000100: PUSH1 0x24 00000102: CALLDATALOAD 00000103: PUSH8 0xffffffffffffffff 0000010c: SWAP6 0000010d: DUP7 0000010e: DUP3 0000010f: GT 00000110: PUSH2 0x02d4 00000113: JUMPI 00000114: CALLDATASIZE 00000115: PUSH1 0x23 00000117: DUP4 00000118: ADD 00000119: SLT 0000011a: ISZERO 0000011b: PUSH2 0x02d4 0000011e: JUMPI 0000011f: DUP2 00000120: DUP5 00000121: ADD 00000122: CALLDATALOAD 00000123: SWAP1 00000124: DUP8 00000125: DUP3 00000126: GT 00000127: PUSH2 0x02d0 0000012a: JUMPI 0000012b: CALLDATASIZE 0000012c: PUSH1 0x24 0000012e: DUP4 0000012f: DUP6 00000130: ADD 00000131: ADD 00000132: GT 00000133: PUSH2 0x02d0 00000136: JUMPI 00000137: PUSH32 0x00000000000000000000000027ca963c279c93801941e1eb8799c23f407d68e7 00000158: AND 00000159: CALLER 0000015a: SUB 0000015b: PUSH2 0x02a8 0000015e: JUMPI 0000015f: SWAP2 00000160: PUSH1 0x24 00000162: DUP6 00000163: SWAP4 00000164: SWAP3 00000165: DUP4 00000166: DUP6 00000167: SWAP5 00000168: DUP10 00000169: MLOAD 0000016a: SWAP4 0000016b: DUP5 0000016c: SWAP4 0000016d: ADD 0000016e: DUP4 0000016f: CALLDATACOPY 00000170: DUP2 00000171: ADD 00000172: DUP5 00000173: DUP2 00000174: MSTORE 00000175: SUB 00000176: SWAP2 00000177: GAS 00000178: DELEGATECALL 00000179: SWAP4 0000017a: RETURNDATASIZE 0000017b: ISZERO 0000017c: PUSH2 0x029d 0000017f: JUMPI 00000180: RETURNDATASIZE 00000181: SWAP1 00000182: DUP1 00000183: DUP3 00000184: GT 00000185: PUSH2 0x0271 00000188: JUMPI 00000189: DUP5 0000018a: MLOAD 0000018b: SWAP3 0000018c: PUSH1 0x1f 0000018e: DUP4 0000018f: ADD 00000190: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0 000001b1: SWAP1 000001b2: DUP2 000001b3: AND 000001b4: PUSH1 0x3f 000001b6: ADD 000001b7: AND 000001b8: DUP5 000001b9: ADD 000001ba: SWAP2 000001bb: DUP3 000001bc: GT 000001bd: DUP5 000001be: DUP4 000001bf: LT 000001c0: OR 000001c1: PUSH2 0x0245 000001c4: JUMPI 000001c5: POP 000001c6: DUP5 000001c7: MSTORE 000001c8: DUP2 000001c9: MSTORE 000001ca: RETURNDATASIZE 000001cb: DUP3 000001cc: PUSH1 0x20 000001ce: DUP4 000001cf: ADD 000001d0: RETURNDATACOPY 000001d1: SWAP3 000001d2: SWAP1 000001d3: JUMPDEST 000001d4: DUP3 000001d5: MLOAD 000001d6: SWAP4 000001d7: DUP5 000001d8: SWAP3 000001d9: ISZERO 000001da: ISZERO 000001db: DUP4 000001dc: MSTORE 000001dd: PUSH1 0x20 000001df: SWAP1 000001e0: DUP5 000001e1: PUSH1 0x20 000001e3: DUP6 000001e4: ADD 000001e5: MSTORE 000001e6: DUP1 000001e7: MLOAD 000001e8: DUP1 000001e9: SWAP6 000001ea: DUP6 000001eb: ADD 000001ec: MSTORE 000001ed: DUP3 000001ee: JUMPDEST 000001ef: DUP6 000001f0: DUP2 000001f1: LT 000001f2: PUSH2 0x022e 000001f5: JUMPI 000001f6: POP 000001f7: POP 000001f8: POP 000001f9: PUSH1 0x1f 000001fb: DUP4 000001fc: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0 0000021d: SWAP3 0000021e: PUSH1 0x60 00000220: DUP1 00000221: SWAP7 00000222: DUP7 00000223: ADD 00000224: ADD 00000225: MSTORE 00000226: ADD 00000227: AND 00000228: DUP2 00000229: ADD 0000022a: SUB 0000022b: ADD 0000022c: SWAP1 0000022d: RETURN 0000022e: JUMPDEST 0000022f: DUP2 00000230: DUP2 00000231: ADD 00000232: DUP4 00000233: ADD 00000234: MLOAD 00000235: DUP8 00000236: DUP3 00000237: ADD 00000238: PUSH1 0x60 0000023a: ADD 0000023b: MSTORE 0000023c: DUP7 0000023d: SWAP5 0000023e: POP 0000023f: DUP3 00000240: ADD 00000241: PUSH2 0x01ee 00000244: JUMP 00000245: JUMPDEST 00000246: DUP5 00000247: PUSH1 0x41 00000249: PUSH1 0x24 0000024b: SWAP3 0000024c: PUSH32 0x4e487b7100000000000000000000000000000000000000000000000000000000 0000026d: DUP4 0000026e: MSTORE 0000026f: MSTORE 00000270: REVERT 00000271: JUMPDEST 00000272: PUSH1 0x24 00000274: DUP5 00000275: PUSH1 0x41 00000277: DUP6 00000278: PUSH32 0x4e487b7100000000000000000000000000000000000000000000000000000000 00000299: DUP4 0000029a: MSTORE 0000029b: MSTORE 0000029c: REVERT 0000029d: JUMPDEST 0000029e: POP 0000029f: POP 000002a0: PUSH1 0x60 000002a2: SWAP3 000002a3: SWAP1 000002a4: PUSH2 0x01d3 000002a7: JUMP 000002a8: JUMPDEST 000002a9: DUP4 000002aa: DUP7 000002ab: MLOAD 000002ac: PUSH32 0x82b4290000000000000000000000000000000000000000000000000000000000 000002cd: DUP2 000002ce: MSTORE 000002cf: REVERT 000002d0: JUMPDEST 000002d1: DUP6 000002d2: DUP1 000002d3: REVERT 000002d4: JUMPDEST 000002d5: DUP5 000002d6: DUP1 000002d7: REVERT 000002d8: JUMPDEST 000002d9: DUP3 000002da: DUP1 000002db: REVERT 000002dc: JUMPDEST 000002dd: DUP1 000002de: REVERT 000002df: JUMPDEST 000002e0: DUP5 000002e1: SWAP1 000002e2: CALLVALUE 000002e3: PUSH2 0x00aa 000002e6: JUMPI 000002e7: DUP2 000002e8: PUSH32 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc 00000309: CALLDATASIZE 0000030a: ADD 0000030b: SLT 0000030c: PUSH2 0x00aa 0000030f: JUMPI 00000310: PUSH1 0x20 00000312: SWAP1 00000313: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000328: PUSH32 0x00000000000000000000000027ca963c279c93801941e1eb8799c23f407d68e7 00000349: AND 0000034a: DUP2 0000034b: MSTORE 0000034c: RETURN 0000034d: INVALID 0000034e: LOG2 0000034f: PUSH5 0x6970667358 00000355: UNKNOWN(0x22) 00000356: SLT 00000357: KECCAK256 00000358: SHL 00000359: SHR 0000035a: UNKNOWN(0xC5) 0000035b: PUSH24 0xf24b9d8e5472b448ec535a07efeb64b1500d66f0e9d785be 00000374: UNKNOWN(0x4E) 00000375: CALLDATACOPY 00000376: SWAP3 00000377: UNKNOWN(0xD9) 00000378: PUSH5 0x736f6c6343 0000037e: STOP 0000037f: ADDMOD 00000380: NOT 00000381: STOP 00000382: CALLER
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| critical | upgradeability | detector | Untrusted DELEGATECALL target reachable | 70 | no | no |
viewtrace_id: 0xdf8713fc3705c57da8663d37ec37ba9e0653a44021e6b77e66a9aaa91c80d340
validation_json{
"sink": "DELEGATECALL",
"errors": 0,
"status": "unknown",
"attempts": 36,
"trace_id": "0xdf8713fc3705c57da8663d37ec37ba9e0653a44021e6b77e66a9aaa91c80d340",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": null,
"matched_probe": null,
"target_varies": null,
"classification": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x338c5371",
"selector": "0x338c5371",
"calldata_variants": [
"0x338c5371",
"0x338c53710000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x9bb66b28",
"selector": "0x9bb66b28",
"calldata_variants": [
"0x9bb66b28",
"0x9bb66b280000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xe905182a",
"selector": "0xe905182a",
"calldata_variants": [
"0xe905182a",
"0xe905182a0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 376,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
}
],
"guards_detected": [],
"delegatecall_count": 1,
"untrusted_delegatecall_count": 1
}
|