Analysis Run

019b3844-b7af-7174-9469-44bf4c761f36

complete

Chain ID

1

Address

0x44e37608f744a7aeb16f7dc9bf052c310e6cd015

Block Number

—

Created

Fri, Dec 19, 2025 8:19 PM

Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract

Confirmed

0

Validated

0

Source

Bytecode only

Review Backing

Not yet

Best current signal

Untrusted DELEGATECALL target reachable

crit 0 high 0 direct contract

Review Checklist

1. Read the findings table first. Ignore raw jobs until the result looks real.

2. Confirm attacker control, not just the existence of a sink.

3. Confirm money or privilege impact.

4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts

ID	Type	Status	Attempts	Heartbeat
19523	artifact.fetch	complete	1 / 3	3 months ago
19524	tool.cast_disasm	complete	1 / 3	3 months ago
109910	analysis.bundle	complete	1 / 3	1 week ago
109911	capability.graph	complete	1 / 3	1 week ago
109912	detector.run	complete	1 / 3	1 week ago
109913	validation.fork	complete	1 / 3	1 week ago

Artifact

Runtime bytecode: available

Creation TX: —

Deployer: —

Proxy: no

Implementation:

—

Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm

Delegatecall

2

Selfdestruct

0

CREATE2

0

CALL-family (heavy)

1

EXT*/BALANCE

3

Total opcodes

433

Flags

delegatecall_present

View cast disassembly output

00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: PUSH2 0x0013
00000009: JUMPI
0000000a: PUSH2 0x0011
0000000d: PUSH2 0x0017
00000010: JUMP
00000011: JUMPDEST
00000012: STOP
00000013: JUMPDEST
00000014: PUSH2 0x0011
00000017: JUMPDEST
00000018: PUSH2 0x0027
0000001b: PUSH2 0x0022
0000001e: PUSH2 0x0067
00000021: JUMP
00000022: JUMPDEST
00000023: PUSH2 0x009f
00000026: JUMP
00000027: JUMPDEST
00000028: JUMP
00000029: JUMPDEST
0000002a: PUSH1 0x60
0000002c: PUSH2 0x004e
0000002f: DUP4
00000030: DUP4
00000031: PUSH1 0x40
00000033: MLOAD
00000034: DUP1
00000035: PUSH1 0x60
00000037: ADD
00000038: PUSH1 0x40
0000003a: MSTORE
0000003b: DUP1
0000003c: PUSH1 0x27
0000003e: DUP2
0000003f: MSTORE
00000040: PUSH1 0x20
00000042: ADD
00000043: PUSH2 0x025e
00000046: PUSH1 0x27
00000048: SWAP2
00000049: CODECOPY
0000004a: PUSH2 0x00c3
0000004d: JUMP
0000004e: JUMPDEST
0000004f: SWAP4
00000050: SWAP3
00000051: POP
00000052: POP
00000053: POP
00000054: JUMP
00000055: JUMPDEST
00000056: PUSH1 0x01
00000058: PUSH1 0x01
0000005a: PUSH1 0xa0
0000005c: SHL
0000005d: SUB
0000005e: AND
0000005f: EXTCODESIZE
00000060: ISZERO
00000061: ISZERO
00000062: SWAP1
00000063: JUMP
00000064: JUMPDEST
00000065: SWAP1
00000066: JUMP
00000067: JUMPDEST
00000068: PUSH1 0x00
0000006a: PUSH2 0x009a
0000006d: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
0000008e: SLOAD
0000008f: PUSH1 0x01
00000091: PUSH1 0x01
00000093: PUSH1 0xa0
00000095: SHL
00000096: SUB
00000097: AND
00000098: SWAP1
00000099: JUMP
0000009a: JUMPDEST
0000009b: SWAP1
0000009c: POP
0000009d: SWAP1
0000009e: JUMP
0000009f: JUMPDEST
000000a0: CALLDATASIZE
000000a1: PUSH1 0x00
000000a3: DUP1
000000a4: CALLDATACOPY
000000a5: PUSH1 0x00
000000a7: DUP1
000000a8: CALLDATASIZE
000000a9: PUSH1 0x00
000000ab: DUP5
000000ac: GAS
000000ad: DELEGATECALL
000000ae: RETURNDATASIZE
000000af: PUSH1 0x00
000000b1: DUP1
000000b2: RETURNDATACOPY
000000b3: DUP1
000000b4: DUP1
000000b5: ISZERO
000000b6: PUSH2 0x00be
000000b9: JUMPI
000000ba: RETURNDATASIZE
000000bb: PUSH1 0x00
000000bd: RETURN
000000be: JUMPDEST
000000bf: RETURNDATASIZE
000000c0: PUSH1 0x00
000000c2: REVERT
000000c3: JUMPDEST
000000c4: PUSH1 0x60
000000c6: PUSH1 0x01
000000c8: PUSH1 0x01
000000ca: PUSH1 0xa0
000000cc: SHL
000000cd: SUB
000000ce: DUP5
000000cf: AND
000000d0: EXTCODESIZE
000000d1: PUSH2 0x0130
000000d4: JUMPI
000000d5: PUSH1 0x40
000000d7: MLOAD
000000d8: PUSH3 0x461bcd
000000dc: PUSH1 0xe5
000000de: SHL
000000df: DUP2
000000e0: MSTORE
000000e1: PUSH1 0x20
000000e3: PUSH1 0x04
000000e5: DUP3
000000e6: ADD
000000e7: MSTORE
000000e8: PUSH1 0x26
000000ea: PUSH1 0x24
000000ec: DUP3
000000ed: ADD
000000ee: MSTORE
000000ef: PUSH32 0x416464726573733a2064656c65676174652063616c6c20746f206e6f6e2d636f
00000110: PUSH1 0x44
00000112: DUP3
00000113: ADD
00000114: MSTORE
00000115: PUSH6 0x1b9d1c9858dd
0000011c: PUSH1 0xd2
0000011e: SHL
0000011f: PUSH1 0x64
00000121: DUP3
00000122: ADD
00000123: MSTORE
00000124: PUSH1 0x84
00000126: ADD
00000127: JUMPDEST
00000128: PUSH1 0x40
0000012a: MLOAD
0000012b: DUP1
0000012c: SWAP2
0000012d: SUB
0000012e: SWAP1
0000012f: REVERT
00000130: JUMPDEST
00000131: PUSH1 0x00
00000133: DUP1
00000134: DUP6
00000135: PUSH1 0x01
00000137: PUSH1 0x01
00000139: PUSH1 0xa0
0000013b: SHL
0000013c: SUB
0000013d: AND
0000013e: DUP6
0000013f: PUSH1 0x40
00000141: MLOAD
00000142: PUSH2 0x014b
00000145: SWAP2
00000146: SWAP1
00000147: PUSH2 0x020e
0000014a: JUMP
0000014b: JUMPDEST
0000014c: PUSH1 0x00
0000014e: PUSH1 0x40
00000150: MLOAD
00000151: DUP1
00000152: DUP4
00000153: SUB
00000154: DUP2
00000155: DUP6
00000156: GAS
00000157: DELEGATECALL
00000158: SWAP2
00000159: POP
0000015a: POP
0000015b: RETURNDATASIZE
0000015c: DUP1
0000015d: PUSH1 0x00
0000015f: DUP2
00000160: EQ
00000161: PUSH2 0x0186
00000164: JUMPI
00000165: PUSH1 0x40
00000167: MLOAD
00000168: SWAP2
00000169: POP
0000016a: PUSH1 0x1f
0000016c: NOT
0000016d: PUSH1 0x3f
0000016f: RETURNDATASIZE
00000170: ADD
00000171: AND
00000172: DUP3
00000173: ADD
00000174: PUSH1 0x40
00000176: MSTORE
00000177: RETURNDATASIZE
00000178: DUP3
00000179: MSTORE
0000017a: RETURNDATASIZE
0000017b: PUSH1 0x00
0000017d: PUSH1 0x20
0000017f: DUP5
00000180: ADD
00000181: RETURNDATACOPY
00000182: PUSH2 0x018b
00000185: JUMP
00000186: JUMPDEST
00000187: PUSH1 0x60
00000189: SWAP2
0000018a: POP
0000018b: JUMPDEST
0000018c: POP
0000018d: SWAP2
0000018e: POP
0000018f: SWAP2
00000190: POP
00000191: PUSH2 0x019b
00000194: DUP3
00000195: DUP3
00000196: DUP7
00000197: PUSH2 0x01a5
0000019a: JUMP
0000019b: JUMPDEST
0000019c: SWAP7
0000019d: SWAP6
0000019e: POP
0000019f: POP
000001a0: POP
000001a1: POP
000001a2: POP
000001a3: POP
000001a4: JUMP
000001a5: JUMPDEST
000001a6: PUSH1 0x60
000001a8: DUP4
000001a9: ISZERO
000001aa: PUSH2 0x01b4
000001ad: JUMPI
000001ae: POP
000001af: DUP2
000001b0: PUSH2 0x004e
000001b3: JUMP
000001b4: JUMPDEST
000001b5: DUP3
000001b6: MLOAD
000001b7: ISZERO
000001b8: PUSH2 0x01c4
000001bb: JUMPI
000001bc: DUP3
000001bd: MLOAD
000001be: DUP1
000001bf: DUP5
000001c0: PUSH1 0x20
000001c2: ADD
000001c3: REVERT
000001c4: JUMPDEST
000001c5: DUP2
000001c6: PUSH1 0x40
000001c8: MLOAD
000001c9: PUSH3 0x461bcd
000001cd: PUSH1 0xe5
000001cf: SHL
000001d0: DUP2
000001d1: MSTORE
000001d2: PUSH1 0x04
000001d4: ADD
000001d5: PUSH2 0x0127
000001d8: SWAP2
000001d9: SWAP1
000001da: PUSH2 0x022a
000001dd: JUMP
000001de: JUMPDEST
000001df: PUSH1 0x00
000001e1: JUMPDEST
000001e2: DUP4
000001e3: DUP2
000001e4: LT
000001e5: ISZERO
000001e6: PUSH2 0x01f9
000001e9: JUMPI
000001ea: DUP2
000001eb: DUP2
000001ec: ADD
000001ed: MLOAD
000001ee: DUP4
000001ef: DUP3
000001f0: ADD
000001f1: MSTORE
000001f2: PUSH1 0x20
000001f4: ADD
000001f5: PUSH2 0x01e1
000001f8: JUMP
000001f9: JUMPDEST
000001fa: DUP4
000001fb: DUP2
000001fc: GT
000001fd: ISZERO
000001fe: PUSH2 0x0208
00000201: JUMPI
00000202: PUSH1 0x00
00000204: DUP5
00000205: DUP5
00000206: ADD
00000207: MSTORE
00000208: JUMPDEST
00000209: POP
0000020a: POP
0000020b: POP
0000020c: POP
0000020d: JUMP
0000020e: JUMPDEST
0000020f: PUSH1 0x00
00000211: DUP3
00000212: MLOAD
00000213: PUSH2 0x0220
00000216: DUP2
00000217: DUP5
00000218: PUSH1 0x20
0000021a: DUP8
0000021b: ADD
0000021c: PUSH2 0x01de
0000021f: JUMP
00000220: JUMPDEST
00000221: SWAP2
00000222: SWAP1
00000223: SWAP2
00000224: ADD
00000225: SWAP3
00000226: SWAP2
00000227: POP
00000228: POP
00000229: JUMP
0000022a: JUMPDEST
0000022b: PUSH1 0x20
0000022d: DUP2
0000022e: MSTORE
0000022f: PUSH1 0x00
00000231: DUP3
00000232: MLOAD
00000233: DUP1
00000234: PUSH1 0x20
00000236: DUP5
00000237: ADD
00000238: MSTORE
00000239: PUSH2 0x0249
0000023c: DUP2
0000023d: PUSH1 0x40
0000023f: DUP6
00000240: ADD
00000241: PUSH1 0x20
00000243: DUP8
00000244: ADD
00000245: PUSH2 0x01de
00000248: JUMP
00000249: JUMPDEST
0000024a: PUSH1 0x1f
0000024c: ADD
0000024d: PUSH1 0x1f
0000024f: NOT
00000250: AND
00000251: SWAP2
00000252: SWAP1
00000253: SWAP2
00000254: ADD
00000255: PUSH1 0x40
00000257: ADD
00000258: SWAP3
00000259: SWAP2
0000025a: POP
0000025b: POP
0000025c: JUMP
0000025d: INVALID
0000025e: COINBASE
0000025f: PUSH5 0x6472657373
00000265: GASPRICE
00000266: KECCAK256
00000267: PUSH13 0x6f772d6c6576656c2064656c65
00000275: PUSH8 0x6174652063616c6c
0000027e: KECCAK256
0000027f: PUSH7 0x61696c6564a264
00000287: PUSH10 0x706673582212206a99b8
00000292: CALLDATALOAD
00000293: SDIV
00000294: UNKNOWN(0xC0)
00000295: DUP1
00000296: POP
00000297: JUMP
00000298: EXTCODEHASH
00000299: UNKNOWN(0xE1)
0000029a: UNKNOWN(0xC0)
0000029b: UNKNOWN(0xBE)
0000029c: SWAP7
0000029d: TSTORE
0000029e: CALL
0000029f: SWAP8
000002a0: SWAP5
000002a1: UNKNOWN(0xE0)
000002a2: PUSH7 0x5589aa5074b00d
000002aa: UNKNOWN(0xD8)
000002ab: ORIGIN
000002ac: UNKNOWN(0xC4)
000002ad: ISZERO
000002ae: UNKNOWN(0xD4)
000002af: PUSH5 0x736f6c6343
000002b5: STOP
000002b6: ADDMOD
000002b7: MULMOD
000002b8: STOP
000002b9: CALLER

View stderr

Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others

Severity	Category	Tool	Title	Confidence	Validated	Confirmed	Details
high	upgradeability	detector	Untrusted DELEGATECALL target reachable	55	no	no	view trace_id: 0x888ae870b28ca60dd3253d67e2a0766c512cf9064b4686b824d5d36f7ea85267 call_targets: 0x3f2e4e5a70f2a424d7c4e4e0323c878c77c20537 target_varies: no classification: constant_target validation_json { "sink": "DELEGATECALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0x888ae870b28ca60dd3253d67e2a0766c512cf9064b4686b824d5d36f7ea85267", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0x3f2e4e5a70f2a424d7c4e4e0323c878c77c20537" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x", "selector": "fallback", "calldata_variants": [ "0x" ] } ] } evidence_json { "examples": [ { "pc": 173, "opcode": "DELEGATECALL", "returndata_checked": null, "value_expression_category": "n/a", "target_expression_category": "computed" }, { "pc": 343, "opcode": "DELEGATECALL", "returndata_checked": null, "value_expression_category": "n/a", "target_expression_category": "computed" } ], "guards_detected": [ { "pc": 683, "type": "tx_origin_used" } ], "delegatecall_count": 2, "untrusted_delegatecall_count": 2 }
high	auth	detector	Authorization based on tx.origin	70	no	—	view validation_json { "reason": "missing sink mapping", "status": "no_sink" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x", "selector": "fallback", "calldata_variants": [ "0x" ] } ] } evidence_json { "guards_detected": [ { "pc": 683, "type": "tx_origin_used" } ] }
medium	other	detector	Untrusted CALL target/value reachable	45	no	no	view trace_id: 0x888ae870b28ca60dd3253d67e2a0766c512cf9064b4686b824d5d36f7ea85267 call_targets: 0x44e37608f744a7aeb16f7dc9bf052c310e6cd015 target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0x888ae870b28ca60dd3253d67e2a0766c512cf9064b4686b824d5d36f7ea85267", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0x44e37608f744a7aeb16f7dc9bf052c310e6cd015" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x", "selector": "fallback", "calldata_variants": [ "0x" ] } ] } evidence_json { "examples": [ { "pc": 670, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "call_count": 1, "guards_detected": [ { "pc": 683, "type": "tx_origin_used" } ], "untrusted_call_count": 1 }
medium	other	detector	ETH value transfer possible	40	no	no	view trace_id: 0x888ae870b28ca60dd3253d67e2a0766c512cf9064b4686b824d5d36f7ea85267 call_targets: 0x44e37608f744a7aeb16f7dc9bf052c310e6cd015 target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0x888ae870b28ca60dd3253d67e2a0766c512cf9064b4686b824d5d36f7ea85267", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0x44e37608f744a7aeb16f7dc9bf052c310e6cd015" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x", "selector": "fallback", "calldata_variants": [ "0x" ] } ] } evidence_json { "examples": [ { "pc": 670, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "eth_value_calls": 1, "guards_detected": [ { "pc": 683, "type": "tx_origin_used" } ] }