TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b3844-ba70-70de-87b4-e21b49423eea

complete
Chain ID
1
Address
0xcafea91714e55756c125b509274ede9bc91697cb
Block Number
Created
Fri, Dec 19, 2025 8:19 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
20011 artifact.fetch complete 1 / 3 3 months ago
20012 tool.cast_disasm complete 1 / 3 3 months ago
110246 analysis.bundle complete 1 / 3 1 week ago
110247 capability.graph complete 1 / 3 1 week ago
110248 detector.run complete 1 / 3 1 week ago
110249 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
1
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
0
EXT*/BALANCE
1
Total opcodes
457
Flags
delegatecall_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x0042
0000000c: JUMPI
0000000d: PUSH0
0000000e: CALLDATALOAD
0000000f: PUSH1 0xe0
00000011: SHR
00000012: DUP1
00000013: PUSH4 0x025313a2
00000018: EQ
00000019: PUSH2 0x0059
0000001c: JUMPI
0000001d: DUP1
0000001e: PUSH4 0x3659cfe6
00000023: EQ
00000024: PUSH2 0x0089
00000027: JUMPI
00000028: DUP1
00000029: PUSH4 0x5c60da1b
0000002e: EQ
0000002f: PUSH2 0x00a8
00000032: JUMPI
00000033: DUP1
00000034: PUSH4 0xf1739cae
00000039: EQ
0000003a: PUSH2 0x00bc
0000003d: JUMPI
0000003e: PUSH2 0x0051
00000041: JUMP
00000042: JUMPDEST
00000043: CALLDATASIZE
00000044: PUSH2 0x0051
00000047: JUMPI
00000048: PUSH2 0x004f
0000004b: PUSH2 0x00db
0000004e: JUMP
0000004f: JUMPDEST
00000050: STOP
00000051: JUMPDEST
00000052: PUSH2 0x004f
00000055: PUSH2 0x00db
00000058: JUMP
00000059: JUMPDEST
0000005a: CALLVALUE
0000005b: DUP1
0000005c: ISZERO
0000005d: PUSH2 0x0064
00000060: JUMPI
00000061: PUSH0
00000062: PUSH0
00000063: REVERT
00000064: JUMPDEST
00000065: POP
00000066: PUSH2 0x006d
00000069: PUSH2 0x011a
0000006c: JUMP
0000006d: JUMPDEST
0000006e: PUSH1 0x40
00000070: MLOAD
00000071: PUSH1 0x01
00000073: PUSH1 0x01
00000075: PUSH1 0xa0
00000077: SHL
00000078: SUB
00000079: SWAP1
0000007a: SWAP2
0000007b: AND
0000007c: DUP2
0000007d: MSTORE
0000007e: PUSH1 0x20
00000080: ADD
00000081: PUSH1 0x40
00000083: MLOAD
00000084: DUP1
00000085: SWAP2
00000086: SUB
00000087: SWAP1
00000088: RETURN
00000089: JUMPDEST
0000008a: CALLVALUE
0000008b: DUP1
0000008c: ISZERO
0000008d: PUSH2 0x0094
00000090: JUMPI
00000091: PUSH0
00000092: PUSH0
00000093: REVERT
00000094: JUMPDEST
00000095: POP
00000096: PUSH2 0x004f
00000099: PUSH2 0x00a3
0000009c: CALLDATASIZE
0000009d: PUSH1 0x04
0000009f: PUSH2 0x0304
000000a2: JUMP
000000a3: JUMPDEST
000000a4: PUSH2 0x0152
000000a7: JUMP
000000a8: JUMPDEST
000000a9: CALLVALUE
000000aa: DUP1
000000ab: ISZERO
000000ac: PUSH2 0x00b3
000000af: JUMPI
000000b0: PUSH0
000000b1: PUSH0
000000b2: REVERT
000000b3: JUMPDEST
000000b4: POP
000000b5: PUSH2 0x006d
000000b8: PUSH2 0x01df
000000bb: JUMP
000000bc: JUMPDEST
000000bd: CALLVALUE
000000be: DUP1
000000bf: ISZERO
000000c0: PUSH2 0x00c7
000000c3: JUMPI
000000c4: PUSH0
000000c5: PUSH0
000000c6: REVERT
000000c7: JUMPDEST
000000c8: POP
000000c9: PUSH2 0x004f
000000cc: PUSH2 0x00d6
000000cf: CALLDATASIZE
000000d0: PUSH1 0x04
000000d2: PUSH2 0x0304
000000d5: JUMP
000000d6: JUMPDEST
000000d7: PUSH2 0x020e
000000da: JUMP
000000db: JUMPDEST
000000dc: PUSH0
000000dd: PUSH2 0x00e4
000000e0: PUSH2 0x01df
000000e3: JUMP
000000e4: JUMPDEST
000000e5: SWAP1
000000e6: POP
000000e7: PUSH1 0x01
000000e9: PUSH1 0x01
000000eb: PUSH1 0xa0
000000ed: SHL
000000ee: SUB
000000ef: DUP2
000000f0: AND
000000f1: PUSH2 0x00f8
000000f4: JUMPI
000000f5: PUSH0
000000f6: PUSH0
000000f7: REVERT
000000f8: JUMPDEST
000000f9: PUSH1 0x40
000000fb: MLOAD
000000fc: CALLDATASIZE
000000fd: PUSH0
000000fe: DUP3
000000ff: CALLDATACOPY
00000100: PUSH0
00000101: PUSH0
00000102: CALLDATASIZE
00000103: DUP4
00000104: DUP6
00000105: GAS
00000106: DELEGATECALL
00000107: RETURNDATASIZE
00000108: DUP1
00000109: PUSH0
0000010a: DUP5
0000010b: RETURNDATACOPY
0000010c: DUP2
0000010d: DUP1
0000010e: ISZERO
0000010f: PUSH2 0x0116
00000112: JUMPI
00000113: DUP2
00000114: DUP5
00000115: RETURN
00000116: JUMPDEST
00000117: DUP2
00000118: DUP5
00000119: REVERT
0000011a: JUMPDEST
0000011b: PUSH0
0000011c: PUSH2 0x014d
0000011f: PUSH2 0x0149
00000122: PUSH1 0x01
00000124: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6104
00000145: PUSH2 0x0331
00000148: JUMP
00000149: JUMPDEST
0000014a: SLOAD
0000014b: SWAP1
0000014c: JUMP
0000014d: JUMPDEST
0000014e: SWAP1
0000014f: POP
00000150: SWAP1
00000151: JUMP
00000152: JUMPDEST
00000153: PUSH2 0x015a
00000156: PUSH2 0x011a
00000159: JUMP
0000015a: JUMPDEST
0000015b: PUSH1 0x01
0000015d: PUSH1 0x01
0000015f: PUSH1 0xa0
00000161: SHL
00000162: SUB
00000163: AND
00000164: CALLER
00000165: PUSH1 0x01
00000167: PUSH1 0x01
00000169: PUSH1 0xa0
0000016b: SHL
0000016c: SUB
0000016d: AND
0000016e: EQ
0000016f: PUSH2 0x0176
00000172: JUMPI
00000173: PUSH0
00000174: PUSH0
00000175: REVERT
00000176: JUMPDEST
00000177: PUSH2 0x01a9
0000017a: PUSH2 0x01a4
0000017d: PUSH1 0x01
0000017f: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbd
000001a0: PUSH2 0x0331
000001a3: JUMP
000001a4: JUMPDEST
000001a5: DUP3
000001a6: SWAP1
000001a7: SSTORE
000001a8: JUMP
000001a9: JUMPDEST
000001aa: PUSH1 0x40
000001ac: MLOAD
000001ad: PUSH1 0x01
000001af: PUSH1 0x01
000001b1: PUSH1 0xa0
000001b3: SHL
000001b4: SUB
000001b5: DUP3
000001b6: AND
000001b7: SWAP1
000001b8: PUSH32 0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b
000001d9: SWAP1
000001da: PUSH0
000001db: SWAP1
000001dc: LOG2
000001dd: POP
000001de: JUMP
000001df: JUMPDEST
000001e0: PUSH0
000001e1: PUSH2 0x014d
000001e4: PUSH2 0x0149
000001e7: PUSH1 0x01
000001e9: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbd
0000020a: PUSH2 0x0331
0000020d: JUMP
0000020e: JUMPDEST
0000020f: PUSH2 0x0216
00000212: PUSH2 0x011a
00000215: JUMP
00000216: JUMPDEST
00000217: PUSH1 0x01
00000219: PUSH1 0x01
0000021b: PUSH1 0xa0
0000021d: SHL
0000021e: SUB
0000021f: AND
00000220: CALLER
00000221: PUSH1 0x01
00000223: PUSH1 0x01
00000225: PUSH1 0xa0
00000227: SHL
00000228: SUB
00000229: AND
0000022a: EQ
0000022b: PUSH2 0x0232
0000022e: JUMPI
0000022f: PUSH0
00000230: PUSH0
00000231: REVERT
00000232: JUMPDEST
00000233: PUSH1 0x01
00000235: PUSH1 0x01
00000237: PUSH1 0xa0
00000239: SHL
0000023a: SUB
0000023b: DUP2
0000023c: AND
0000023d: PUSH2 0x0259
00000240: JUMPI
00000241: PUSH1 0x40
00000243: MLOAD
00000244: PUSH4 0xe6c4247b
00000249: PUSH1 0xe0
0000024b: SHL
0000024c: DUP2
0000024d: MSTORE
0000024e: PUSH1 0x04
00000250: ADD
00000251: PUSH1 0x40
00000253: MLOAD
00000254: DUP1
00000255: SWAP2
00000256: SUB
00000257: SWAP1
00000258: REVERT
00000259: JUMPDEST
0000025a: PUSH0
0000025b: PUSH2 0x0288
0000025e: PUSH2 0x0149
00000261: PUSH1 0x01
00000263: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6104
00000284: PUSH2 0x0331
00000287: JUMP
00000288: JUMPDEST
00000289: SWAP1
0000028a: POP
0000028b: PUSH2 0x02bd
0000028e: PUSH2 0x02b8
00000291: PUSH1 0x01
00000293: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6104
000002b4: PUSH2 0x0331
000002b7: JUMP
000002b8: JUMPDEST
000002b9: DUP4
000002ba: SWAP1
000002bb: SSTORE
000002bc: JUMP
000002bd: JUMPDEST
000002be: PUSH1 0x40
000002c0: DUP1
000002c1: MLOAD
000002c2: PUSH1 0x01
000002c4: PUSH1 0x01
000002c6: PUSH1 0xa0
000002c8: SHL
000002c9: SUB
000002ca: DUP1
000002cb: DUP5
000002cc: AND
000002cd: DUP3
000002ce: MSTORE
000002cf: DUP5
000002d0: AND
000002d1: PUSH1 0x20
000002d3: DUP3
000002d4: ADD
000002d5: MSTORE
000002d6: PUSH32 0x5a3e66efaa1e445ebd894728a69d6959842ea1e97bd79b892797106e270efcd9
000002f7: SWAP2
000002f8: ADD
000002f9: PUSH1 0x40
000002fb: MLOAD
000002fc: DUP1
000002fd: SWAP2
000002fe: SUB
000002ff: SWAP1
00000300: LOG1
00000301: POP
00000302: POP
00000303: JUMP
00000304: JUMPDEST
00000305: PUSH0
00000306: PUSH1 0x20
00000308: DUP3
00000309: DUP5
0000030a: SUB
0000030b: SLT
0000030c: ISZERO
0000030d: PUSH2 0x0314
00000310: JUMPI
00000311: PUSH0
00000312: PUSH0
00000313: REVERT
00000314: JUMPDEST
00000315: DUP2
00000316: CALLDATALOAD
00000317: PUSH1 0x01
00000319: PUSH1 0x01
0000031b: PUSH1 0xa0
0000031d: SHL
0000031e: SUB
0000031f: DUP2
00000320: AND
00000321: DUP2
00000322: EQ
00000323: PUSH2 0x032a
00000326: JUMPI
00000327: PUSH0
00000328: PUSH0
00000329: REVERT
0000032a: JUMPDEST
0000032b: SWAP4
0000032c: SWAP3
0000032d: POP
0000032e: POP
0000032f: POP
00000330: JUMP
00000331: JUMPDEST
00000332: DUP2
00000333: DUP2
00000334: SUB
00000335: DUP2
00000336: DUP2
00000337: GT
00000338: ISZERO
00000339: PUSH2 0x0350
0000033c: JUMPI
0000033d: PUSH4 0x4e487b71
00000342: PUSH1 0xe0
00000344: SHL
00000345: PUSH0
00000346: MSTORE
00000347: PUSH1 0x11
00000349: PUSH1 0x04
0000034b: MSTORE
0000034c: PUSH1 0x24
0000034e: PUSH0
0000034f: REVERT
00000350: JUMPDEST
00000351: SWAP3
00000352: SWAP2
00000353: POP
00000354: POP
00000355: JUMP
00000356: INVALID
00000357: LOG2
00000358: PUSH5 0x6970667358
0000035e: UNKNOWN(0x22)
0000035f: SLT
00000360: KECCAK256
00000361: MUL
00000362: SWAP4
00000363: UNKNOWN(0xDD)
00000364: UNKNOWN(0x4F)
00000365: PUSH9 0x05bd0e97bd9244f5bc
0000036f: UNKNOWN(0xDE)
00000370: GAS
00000371: EXTCODECOPY
00000372: PUSH19 0x105536018cb8ce208fc15d84a98264736f6c63
00000386: NUMBER
00000387: STOP
00000388: ADDMOD
00000389: SHR
0000038a: STOP
0000038b: CALLER
View stderr 
Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
critical upgradeability detector Untrusted DELEGATECALL target reachable 70 no no
view
trace_id: 0x6180259a944e6b0db67a574a918f62644461afe7e29db00394f6ea17aa2dc5a0
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "unknown",
    "attempts": 48,
    "trace_id": "0x6180259a944e6b0db67a574a918f62644461afe7e29db00394f6ea17aa2dc5a0",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x025313a2",
            "selector": "0x025313a2",
            "calldata_variants": [
                "0x025313a2",
                "0x025313a20000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x3659cfe6",
            "selector": "0x3659cfe6",
            "calldata_variants": [
                "0x3659cfe6",
                "0x3659cfe60000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x5c60da1b",
            "selector": "0x5c60da1b",
            "calldata_variants": [
                "0x5c60da1b",
                "0x5c60da1b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf1739cae",
            "selector": "0xf1739cae",
            "calldata_variants": [
                "0xf1739cae",
                "0xf1739cae0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 262,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [],
    "delegatecall_count": 1,
    "untrusted_delegatecall_count": 1
}