Analysis Run

019b3844-baa1-724a-9696-55bb9a963850

complete

Chain ID

1

Address

0x61df42e82ffbefb071998fed73f5ea1fe6b7d194

Block Number

—

Created

Fri, Dec 19, 2025 8:19 PM

Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract

Confirmed

0

Validated

0

Source

Bytecode only

Review Backing

Not yet

Best current signal

Untrusted CALL target/value reachable

crit 0 high 0 direct contract

Review Checklist

1. Read the findings table first. Ignore raw jobs until the result looks real.

2. Confirm attacker control, not just the existence of a sink.

3. Confirm money or privilege impact.

4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts

ID	Type	Status	Attempts	Heartbeat
20051	artifact.fetch	complete	1 / 3	3 months ago
20052	tool.cast_disasm	complete	1 / 3	3 months ago
110318	analysis.bundle	complete	1 / 3	1 week ago
110319	capability.graph	complete	1 / 3	1 week ago
110320	detector.run	complete	1 / 3	1 week ago
110321	validation.fork	complete	1 / 3	1 week ago

Artifact

Runtime bytecode: available

Creation TX: —

Deployer: —

Proxy: no

Implementation:

—

Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm

Delegatecall

0

Selfdestruct

0

CREATE2

1

CALL-family (heavy)

3

EXT*/BALANCE

2

Total opcodes

606

Flags

create_opcodes_present

View cast disassembly output

00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x0043
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH1 0xe0
00000012: SHR
00000013: DUP1
00000014: PUSH4 0x3fe43822
00000019: EQ
0000001a: PUSH2 0x005e
0000001d: JUMPI
0000001e: DUP1
0000001f: PUSH4 0x4d6ce1e5
00000024: EQ
00000025: PUSH2 0x007b
00000028: JUMPI
00000029: DUP1
0000002a: PUSH4 0xc2808d1a
0000002f: EQ
00000030: PUSH2 0x0098
00000033: JUMPI
00000034: DUP1
00000035: PUSH4 0xe203b506
0000003a: EQ
0000003b: PUSH2 0x00bf
0000003e: JUMPI
0000003f: PUSH2 0x0054
00000042: JUMP
00000043: JUMPDEST
00000044: CALLDATASIZE
00000045: PUSH2 0x0054
00000048: JUMPI
00000049: PUSH2 0x0052
0000004c: PUSH1 0x00
0000004e: PUSH2 0x010b
00000051: JUMP
00000052: JUMPDEST
00000053: STOP
00000054: JUMPDEST
00000055: PUSH2 0x0052
00000058: PUSH1 0x00
0000005a: PUSH2 0x010b
0000005d: JUMP
0000005e: JUMPDEST
0000005f: PUSH2 0x0052
00000062: PUSH1 0x04
00000064: DUP1
00000065: CALLDATASIZE
00000066: SUB
00000067: PUSH1 0x20
00000069: DUP2
0000006a: LT
0000006b: ISZERO
0000006c: PUSH2 0x0074
0000006f: JUMPI
00000070: PUSH1 0x00
00000072: DUP1
00000073: REVERT
00000074: JUMPDEST
00000075: POP
00000076: CALLDATALOAD
00000077: PUSH2 0x01bd
0000007a: JUMP
0000007b: JUMPDEST
0000007c: PUSH2 0x0052
0000007f: PUSH1 0x04
00000081: DUP1
00000082: CALLDATASIZE
00000083: SUB
00000084: PUSH1 0x20
00000086: DUP2
00000087: LT
00000088: ISZERO
00000089: PUSH2 0x0091
0000008c: JUMPI
0000008d: PUSH1 0x00
0000008f: DUP1
00000090: REVERT
00000091: JUMPDEST
00000092: POP
00000093: CALLDATALOAD
00000094: PUSH2 0x010b
00000097: JUMP
00000098: JUMPDEST
00000099: CALLVALUE
0000009a: DUP1
0000009b: ISZERO
0000009c: PUSH2 0x00a4
0000009f: JUMPI
000000a0: PUSH1 0x00
000000a2: DUP1
000000a3: REVERT
000000a4: JUMPDEST
000000a5: POP
000000a6: PUSH2 0x00ad
000000a9: PUSH2 0x02e1
000000ac: JUMP
000000ad: JUMPDEST
000000ae: PUSH1 0x40
000000b0: DUP1
000000b1: MLOAD
000000b2: SWAP2
000000b3: DUP3
000000b4: MSTORE
000000b5: MLOAD
000000b6: SWAP1
000000b7: DUP2
000000b8: SWAP1
000000b9: SUB
000000ba: PUSH1 0x20
000000bc: ADD
000000bd: SWAP1
000000be: RETURN
000000bf: JUMPDEST
000000c0: CALLVALUE
000000c1: DUP1
000000c2: ISZERO
000000c3: PUSH2 0x00cb
000000c6: JUMPI
000000c7: PUSH1 0x00
000000c9: DUP1
000000ca: REVERT
000000cb: JUMPDEST
000000cc: POP
000000cd: PUSH2 0x00f2
000000d0: PUSH1 0x04
000000d2: DUP1
000000d3: CALLDATASIZE
000000d4: SUB
000000d5: PUSH1 0x20
000000d7: DUP2
000000d8: LT
000000d9: ISZERO
000000da: PUSH2 0x00e2
000000dd: JUMPI
000000de: PUSH1 0x00
000000e0: DUP1
000000e1: REVERT
000000e2: JUMPDEST
000000e3: POP
000000e4: CALLDATALOAD
000000e5: PUSH1 0x01
000000e7: PUSH1 0x01
000000e9: PUSH1 0xa0
000000eb: SHL
000000ec: SUB
000000ed: AND
000000ee: PUSH2 0x02e7
000000f1: JUMP
000000f2: JUMPDEST
000000f3: PUSH1 0x40
000000f5: DUP1
000000f6: MLOAD
000000f7: SWAP3
000000f8: DUP4
000000f9: MSTORE
000000fa: PUSH1 0x20
000000fc: DUP4
000000fd: ADD
000000fe: SWAP2
000000ff: SWAP1
00000100: SWAP2
00000101: MSTORE
00000102: DUP1
00000103: MLOAD
00000104: SWAP2
00000105: DUP3
00000106: SWAP1
00000107: SUB
00000108: ADD
00000109: SWAP1
0000010a: RETURN
0000010b: JUMPDEST
0000010c: CALLER
0000010d: PUSH1 0x00
0000010f: SWAP1
00000110: DUP2
00000111: MSTORE
00000112: PUSH1 0x20
00000114: DUP2
00000115: SWAP1
00000116: MSTORE
00000117: PUSH1 0x40
00000119: SWAP1
0000011a: KECCAK256
0000011b: PUSH1 0x01
0000011d: DUP2
0000011e: ADD
0000011f: DUP1
00000120: SLOAD
00000121: CALLVALUE
00000122: ADD
00000123: SWAP1
00000124: SSTORE
00000125: TIMESTAMP
00000126: DUP3
00000127: GT
00000128: PUSH2 0x0131
0000012b: JUMPI
0000012c: TIMESTAMP
0000012d: PUSH2 0x0133
00000130: JUMP
00000131: JUMPDEST
00000132: DUP2
00000133: JUMPDEST
00000134: DUP2
00000135: SSTORE
00000136: PUSH1 0x01
00000138: SLOAD
00000139: PUSH1 0x40
0000013b: DUP1
0000013c: MLOAD
0000013d: PUSH4 0x130bc129
00000142: PUSH1 0xe2
00000144: SHL
00000145: DUP2
00000146: MSTORE
00000147: CALLER
00000148: PUSH1 0x04
0000014a: DUP3
0000014b: ADD
0000014c: MSTORE
0000014d: CALLVALUE
0000014e: PUSH1 0x24
00000150: DUP3
00000151: ADD
00000152: MSTORE
00000153: PUSH1 0x60
00000155: PUSH1 0x44
00000157: DUP3
00000158: ADD
00000159: MSTORE
0000015a: PUSH1 0x03
0000015c: PUSH1 0x64
0000015e: DUP3
0000015f: ADD
00000160: MSTORE
00000161: PUSH3 0x141d5d
00000165: PUSH1 0xea
00000167: SHL
00000168: PUSH1 0x84
0000016a: DUP3
0000016b: ADD
0000016c: MSTORE
0000016d: SWAP1
0000016e: MLOAD
0000016f: PUSH1 0x01
00000171: PUSH1 0x01
00000173: PUSH1 0xa0
00000175: SHL
00000176: SUB
00000177: SWAP1
00000178: SWAP3
00000179: AND
0000017a: SWAP2
0000017b: PUSH4 0x4c2f04a4
00000180: SWAP2
00000181: PUSH1 0xa4
00000183: DUP1
00000184: DUP3
00000185: ADD
00000186: SWAP3
00000187: PUSH1 0x00
00000189: SWAP3
0000018a: SWAP1
0000018b: SWAP2
0000018c: SWAP1
0000018d: DUP3
0000018e: SWAP1
0000018f: SUB
00000190: ADD
00000191: DUP2
00000192: DUP4
00000193: DUP8
00000194: DUP1
00000195: EXTCODESIZE
00000196: ISZERO
00000197: DUP1
00000198: ISZERO
00000199: PUSH2 0x01a1
0000019c: JUMPI
0000019d: PUSH1 0x00
0000019f: DUP1
000001a0: REVERT
000001a1: JUMPDEST
000001a2: POP
000001a3: GAS
000001a4: CALL
000001a5: ISZERO
000001a6: DUP1
000001a7: ISZERO
000001a8: PUSH2 0x01b5
000001ab: JUMPI
000001ac: RETURNDATASIZE
000001ad: PUSH1 0x00
000001af: DUP1
000001b0: RETURNDATACOPY
000001b1: RETURNDATASIZE
000001b2: PUSH1 0x00
000001b4: REVERT
000001b5: JUMPDEST
000001b6: POP
000001b7: POP
000001b8: POP
000001b9: POP
000001ba: POP
000001bb: POP
000001bc: JUMP
000001bd: JUMPDEST
000001be: CALLER
000001bf: PUSH1 0x00
000001c1: SWAP1
000001c2: DUP2
000001c3: MSTORE
000001c4: PUSH1 0x20
000001c6: DUP2
000001c7: SWAP1
000001c8: MSTORE
000001c9: PUSH1 0x40
000001cb: SWAP1
000001cc: KECCAK256
000001cd: PUSH1 0x02
000001cf: SLOAD
000001d0: PUSH1 0x01
000001d2: DUP3
000001d3: ADD
000001d4: SLOAD
000001d5: GT
000001d6: DUP1
000001d7: ISZERO
000001d8: PUSH2 0x01e5
000001db: JUMPI
000001dc: POP
000001dd: DUP2
000001de: DUP2
000001df: PUSH1 0x01
000001e1: ADD
000001e2: SLOAD
000001e3: LT
000001e4: ISZERO
000001e5: JUMPDEST
000001e6: DUP1
000001e7: ISZERO
000001e8: PUSH2 0x01f1
000001eb: JUMPI
000001ec: POP
000001ed: DUP1
000001ee: SLOAD
000001ef: TIMESTAMP
000001f0: GT
000001f1: JUMPDEST
000001f2: ISZERO
000001f3: PUSH2 0x02dd
000001f6: JUMPI
000001f7: PUSH1 0x40
000001f9: MLOAD
000001fa: PUSH1 0x00
000001fc: SWAP1
000001fd: CALLER
000001fe: SWAP1
000001ff: DUP5
00000200: SWAP1
00000201: DUP4
00000202: DUP2
00000203: DUP2
00000204: DUP2
00000205: DUP6
00000206: DUP8
00000207: GAS
00000208: CALL
00000209: SWAP3
0000020a: POP
0000020b: POP
0000020c: POP
0000020d: RETURNDATASIZE
0000020e: DUP1
0000020f: PUSH1 0x00
00000211: DUP2
00000212: EQ
00000213: PUSH2 0x0238
00000216: JUMPI
00000217: PUSH1 0x40
00000219: MLOAD
0000021a: SWAP2
0000021b: POP
0000021c: PUSH1 0x1f
0000021e: NOT
0000021f: PUSH1 0x3f
00000221: RETURNDATASIZE
00000222: ADD
00000223: AND
00000224: DUP3
00000225: ADD
00000226: PUSH1 0x40
00000228: MSTORE
00000229: RETURNDATASIZE
0000022a: DUP3
0000022b: MSTORE
0000022c: RETURNDATASIZE
0000022d: PUSH1 0x00
0000022f: PUSH1 0x20
00000231: DUP5
00000232: ADD
00000233: RETURNDATACOPY
00000234: PUSH2 0x023d
00000237: JUMP
00000238: JUMPDEST
00000239: PUSH1 0x60
0000023b: SWAP2
0000023c: POP
0000023d: JUMPDEST
0000023e: POP
0000023f: POP
00000240: SWAP1
00000241: POP
00000242: DUP1
00000243: ISZERO
00000244: PUSH2 0x02db
00000247: JUMPI
00000248: PUSH1 0x01
0000024a: DUP1
0000024b: DUP4
0000024c: ADD
0000024d: DUP1
0000024e: SLOAD
0000024f: DUP6
00000250: SWAP1
00000251: SUB
00000252: SWAP1
00000253: SSTORE
00000254: SLOAD
00000255: PUSH1 0x40
00000257: DUP1
00000258: MLOAD
00000259: PUSH4 0x130bc129
0000025e: PUSH1 0xe2
00000260: SHL
00000261: DUP2
00000262: MSTORE
00000263: CALLER
00000264: PUSH1 0x04
00000266: DUP3
00000267: ADD
00000268: MSTORE
00000269: PUSH1 0x24
0000026b: DUP2
0000026c: ADD
0000026d: DUP7
0000026e: SWAP1
0000026f: MSTORE
00000270: PUSH1 0x60
00000272: PUSH1 0x44
00000274: DUP3
00000275: ADD
00000276: MSTORE
00000277: PUSH1 0x07
00000279: PUSH1 0x64
0000027b: DUP3
0000027c: ADD
0000027d: MSTORE
0000027e: PUSH7 0x10dbdb1b1958dd
00000286: PUSH1 0xca
00000288: SHL
00000289: PUSH1 0x84
0000028b: DUP3
0000028c: ADD
0000028d: MSTORE
0000028e: SWAP1
0000028f: MLOAD
00000290: PUSH1 0x01
00000292: PUSH1 0x01
00000294: PUSH1 0xa0
00000296: SHL
00000297: SUB
00000298: SWAP1
00000299: SWAP3
0000029a: AND
0000029b: SWAP2
0000029c: PUSH4 0x4c2f04a4
000002a1: SWAP2
000002a2: PUSH1 0xa4
000002a4: DUP1
000002a5: DUP3
000002a6: ADD
000002a7: SWAP3
000002a8: PUSH1 0x00
000002aa: SWAP3
000002ab: SWAP1
000002ac: SWAP2
000002ad: SWAP1
000002ae: DUP3
000002af: SWAP1
000002b0: SUB
000002b1: ADD
000002b2: DUP2
000002b3: DUP4
000002b4: DUP8
000002b5: DUP1
000002b6: EXTCODESIZE
000002b7: ISZERO
000002b8: DUP1
000002b9: ISZERO
000002ba: PUSH2 0x02c2
000002bd: JUMPI
000002be: PUSH1 0x00
000002c0: DUP1
000002c1: REVERT
000002c2: JUMPDEST
000002c3: POP
000002c4: GAS
000002c5: CALL
000002c6: ISZERO
000002c7: DUP1
000002c8: ISZERO
000002c9: PUSH2 0x02d6
000002cc: JUMPI
000002cd: RETURNDATASIZE
000002ce: PUSH1 0x00
000002d0: DUP1
000002d1: RETURNDATACOPY
000002d2: RETURNDATASIZE
000002d3: PUSH1 0x00
000002d5: REVERT
000002d6: JUMPDEST
000002d7: POP
000002d8: POP
000002d9: POP
000002da: POP
000002db: JUMPDEST
000002dc: POP
000002dd: JUMPDEST
000002de: POP
000002df: POP
000002e0: JUMP
000002e1: JUMPDEST
000002e2: PUSH1 0x02
000002e4: SLOAD
000002e5: DUP2
000002e6: JUMP
000002e7: JUMPDEST
000002e8: PUSH1 0x00
000002ea: PUSH1 0x20
000002ec: DUP2
000002ed: SWAP1
000002ee: MSTORE
000002ef: SWAP1
000002f0: DUP2
000002f1: MSTORE
000002f2: PUSH1 0x40
000002f4: SWAP1
000002f5: KECCAK256
000002f6: DUP1
000002f7: SLOAD
000002f8: PUSH1 0x01
000002fa: SWAP1
000002fb: SWAP2
000002fc: ADD
000002fd: SLOAD
000002fe: DUP3
000002ff: JUMP
00000300: INVALID
00000301: LOG2
00000302: PUSH5 0x6970667358
00000308: UNKNOWN(0x22)
00000309: SLT
0000030a: KECCAK256
0000030b: SWAP4
0000030c: UNKNOWN(0xC4)
0000030d: TLOAD
0000030e: CALLDATACOPY
0000030f: DUP11
00000310: CHAINID
00000311: CREATE2
00000312: DUP2
00000313: DIV
00000314: UNKNOWN(0x4D)
00000315: PUSH4 0x7b35346c
0000031a: TLOAD
0000031b: RETURN
0000031c: UNKNOWN(0xBB)
0000031d: UNKNOWN(0xC1)
0000031e: UNKNOWN(0xC4)
0000031f: UNKNOWN(0xB1)
00000320: LOG3
00000321: BLOBHASH
00000322: NUMBER
00000323: LOG2
00000324: MUL
00000325: UNKNOWN(0xE7)
00000326: DUP6
00000327: DUP13
00000328: UNKNOWN(0xBE)
00000329: EXP
0000032a: ADDRESS
0000032b: PUSH5 0x736f6c6343
00000331: STOP
00000332: SMOD
00000333: MOD
00000334: STOP
00000335: CALLER

View stderr

Warning: This is a nightly build of Foundry. It is recommended to use the latest stable version. To mute this warning set `FOUNDRY_DISABLE_NIGHTLY_WARNING` in your environment.

Findings

validated = confirmed for call sinks; sink observed for others

Severity	Category	Tool	Title	Confidence	Validated	Confirmed	Details
high	other	detector	Untrusted CALL target/value reachable	60	no	no	view trace_id: 0x61656217804eeba3bd737283c452887353419820a4223717d5ca3b4d00b6b645 call_targets: 0x61df42e82ffbefb071998fed73f5ea1fe6b7d194 target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0x61656217804eeba3bd737283c452887353419820a4223717d5ca3b4d00b6b645", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0x61df42e82ffbefb071998fed73f5ea1fe6b7d194" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x3fe43822", "selector": "0x3fe43822", "calldata_variants": [ "0x3fe43822", "0x3fe438220000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x4d6ce1e5", "selector": "0x4d6ce1e5", "calldata_variants": [ "0x4d6ce1e5", "0x4d6ce1e50000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xc2808d1a", "selector": "0xc2808d1a", "calldata_variants": [ "0xc2808d1a", "0xc2808d1a0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xe203b506", "selector": "0xe203b506", "calldata_variants": [ "0xe203b506", "0xe203b5060000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "examples": [ { "pc": 420, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" }, { "pc": 520, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" }, { "pc": 709, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "call_count": 3, "guards_detected": [], "untrusted_call_count": 3 }
high	other	detector	ETH value transfer possible	55	no	no	view trace_id: 0x61656217804eeba3bd737283c452887353419820a4223717d5ca3b4d00b6b645 call_targets: 0x61df42e82ffbefb071998fed73f5ea1fe6b7d194 target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0x61656217804eeba3bd737283c452887353419820a4223717d5ca3b4d00b6b645", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0x61df42e82ffbefb071998fed73f5ea1fe6b7d194" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x3fe43822", "selector": "0x3fe43822", "calldata_variants": [ "0x3fe43822", "0x3fe438220000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x4d6ce1e5", "selector": "0x4d6ce1e5", "calldata_variants": [ "0x4d6ce1e5", "0x4d6ce1e50000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xc2808d1a", "selector": "0xc2808d1a", "calldata_variants": [ "0xc2808d1a", "0xc2808d1a0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xe203b506", "selector": "0xe203b506", "calldata_variants": [ "0xe203b506", "0xe203b5060000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "examples": [ { "pc": 420, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" }, { "pc": 520, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" }, { "pc": 709, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "eth_value_calls": 3, "guards_detected": [] }
medium	other	detector	CREATE/CREATE2 reachable	45	no	no	view trace_id: 0x9eb4d6778c5fd82cf40473979671c1d01d24d5722d603f728094556efc89ff7c validation_json { "sink": "CREATE", "errors": 0, "status": "unknown", "attempts": 8, "trace_id": "0x9eb4d6778c5fd82cf40473979671c1d01d24d5722d603f728094556efc89ff7c", "confirmed": false, "trace_mode": "structLogs", "call_targets": null, "matched_probe": null, "target_varies": null, "classification": "no_sink" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x3fe43822", "selector": "0x3fe43822", "calldata_variants": [ "0x3fe43822", "0x3fe438220000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0x4d6ce1e5", "selector": "0x4d6ce1e5", "calldata_variants": [ "0x4d6ce1e5", "0x4d6ce1e50000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xc2808d1a", "selector": "0xc2808d1a", "calldata_variants": [ "0xc2808d1a", "0xc2808d1a0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xe203b506", "selector": "0xe203b506", "calldata_variants": [ "0xe203b506", "0xe203b5060000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "create_count": 0, "create2_count": 1 }

Severity

Category

Tool

Title

Confidence

Validated

Confirmed

Details

high

other

detector

Untrusted CALL target/value reachable

60

no

view

trace_id: 0x61656217804eeba3bd737283c452887353419820a4223717d5ca3b4d00b6b645

call_targets: 0x61df42e82ffbefb071998fed73f5ea1fe6b7d194

target_varies: no

classification: constant_target

validation_json

{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x61656217804eeba3bd737283c452887353419820a4223717d5ca3b4d00b6b645",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x61df42e82ffbefb071998fed73f5ea1fe6b7d194"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}

witness_json

{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x3fe43822",
            "selector": "0x3fe43822",
            "calldata_variants": [
                "0x3fe43822",
                "0x3fe438220000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x4d6ce1e5",
            "selector": "0x4d6ce1e5",
            "calldata_variants": [
                "0x4d6ce1e5",
                "0x4d6ce1e50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xc2808d1a",
            "selector": "0xc2808d1a",
            "calldata_variants": [
                "0xc2808d1a",
                "0xc2808d1a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe203b506",
            "selector": "0xe203b506",
            "calldata_variants": [
                "0xe203b506",
                "0xe203b5060000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}

evidence_json

{
    "examples": [
        {
            "pc": 420,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 520,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 709,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 3,
    "guards_detected": [],
    "untrusted_call_count": 3
}

high

other

detector

ETH value transfer possible

55

no

view

trace_id: 0x61656217804eeba3bd737283c452887353419820a4223717d5ca3b4d00b6b645

call_targets: 0x61df42e82ffbefb071998fed73f5ea1fe6b7d194

target_varies: no

classification: constant_target

validation_json

{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x61656217804eeba3bd737283c452887353419820a4223717d5ca3b4d00b6b645",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x61df42e82ffbefb071998fed73f5ea1fe6b7d194"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}

witness_json

{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x3fe43822",
            "selector": "0x3fe43822",
            "calldata_variants": [
                "0x3fe43822",
                "0x3fe438220000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x4d6ce1e5",
            "selector": "0x4d6ce1e5",
            "calldata_variants": [
                "0x4d6ce1e5",
                "0x4d6ce1e50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xc2808d1a",
            "selector": "0xc2808d1a",
            "calldata_variants": [
                "0xc2808d1a",
                "0xc2808d1a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe203b506",
            "selector": "0xe203b506",
            "calldata_variants": [
                "0xe203b506",
                "0xe203b5060000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}

evidence_json

{
    "examples": [
        {
            "pc": 420,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 520,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 709,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 3,
    "guards_detected": []
}

medium

other

detector

CREATE/CREATE2 reachable

45

no

view

trace_id: 0x9eb4d6778c5fd82cf40473979671c1d01d24d5722d603f728094556efc89ff7c

validation_json

{
    "sink": "CREATE",
    "errors": 0,
    "status": "unknown",
    "attempts": 8,
    "trace_id": "0x9eb4d6778c5fd82cf40473979671c1d01d24d5722d603f728094556efc89ff7c",
    "confirmed": false,
    "trace_mode": "structLogs",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}

witness_json

{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x3fe43822",
            "selector": "0x3fe43822",
            "calldata_variants": [
                "0x3fe43822",
                "0x3fe438220000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x4d6ce1e5",
            "selector": "0x4d6ce1e5",
            "calldata_variants": [
                "0x4d6ce1e5",
                "0x4d6ce1e50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xc2808d1a",
            "selector": "0xc2808d1a",
            "calldata_variants": [
                "0xc2808d1a",
                "0xc2808d1a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe203b506",
            "selector": "0xe203b506",
            "calldata_variants": [
                "0xe203b506",
                "0xe203b5060000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}

evidence_json

{
    "create_count": 0,
    "create2_count": 1
}