Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b422c-5600-71b9-95ab-04ba54ca9f3f

Status: complete
Chain ID: 1
Address:
Block Number:
Created: Sun, Dec 21, 2025 6:29 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

Confirmed: 0
Validated: 0
Source: Verified
Review Backing: Present
Best current signal: Untrusted DELEGATECALL target reachable
crit 0 | high 0 | proxy context | implementation known
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
20109 artifact.fetch complete 1 / 3 3 months ago
20110 proxy.resolve complete 1 / 3 3 months ago
20111 tool.cast_disasm complete 1 / 3 3 months ago
20112 report.consolidate complete 1 / 3 3 months ago
63398 analysis.bundle complete 1 / 3 1 week ago
63399 capability.graph complete 1 / 3 1 week ago
63400 detector.run complete 1 / 3 1 week ago
63401 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: yes etherscan_only
Verified Source: yes
Proxy evidence
{
    "status": "etherscan_only",
    "etherscan_hint": {
        "source": "etherscan",
        "etherscan": {
            "proxy_flag": true,
            "implementation": "0xd5ecdb020d5c4e5366758eed5fbbcb92071c56cc"
        }
    },
    "implementation": "0xd5ecdb020d5c4e5366758eed5fbbcb92071c56cc"
}

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status: complete
Attempts: 1 / 3
Findings: 1
No findings?: no
Summary
Single delegatecall entrypoint allows the gateway to execute arbitrary code in the agent context; if the gateway or executor is compromised, the agent can be fully controlled or destroyed.
stdout
{
    "no_findings": false,
    "summary": "Single delegatecall entrypoint allows the gateway to execute arbitrary code in the agent context; if the gateway or executor is compromised, the agent can be fully controlled or destroyed.",
    "findings": [
        {
            "severity": "high",
            "category": "dangerous delegatecall",
            "title": "Gateway-controlled delegatecall enables arbitrary code execution in Agent context",
            "exploit_scenario": "If the GATEWAY is compromised or misconfigured, it can supply a malicious executor that executes arbitrary code via delegatecall, potentially draining ETH held by the agent, corrupting state, or selfdestructing the contract.",
            "recommendation": "Restrict `executor` to a vetted allowlist or fixed implementation (e.g., immutable codehash check), and consider explicit upgrade governance if dynamic execution is required. If arbitrary execution is intended, document this trust assumption and add monitoring/guardrails at the gateway.",
            "evidence": "`invoke` performs `executor.delegatecall(data)` after only checking `msg.sender == GATEWAY`.",
            "locations": ["src/Agent.sol:29"]
        }
    ]
}
stderr
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-voq7zucg
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: none
reasoning summaries: auto
session id: 019b422c-5a35-7020-b529-ccecede728f5
--------
user
You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.

Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
Keep summary short and concrete.
mcp startup: no servers

thinking
**Preparing to inspect files**
exec
/bin/bash -lc 'rg --files' in /tmp/codex-voq7zucg succeeded in 8ms:
codex-output-schema.json
src/Agent.sol
exec
/bin/bash -lc "sed -n '1,200p' src/Agent.sol" in /tmp/codex-voq7zucg succeeded in 6ms:
// SPDX-License-Identifier: Apache-2.0
// SPDX-FileCopyrightText: 2023 Snowfork <hello@snowfork.com>
pragma solidity 0.8.25;

/// @title An agent contract that acts on behalf of a consensus system on Polkadot
/// @dev Instances of this contract act as an agents for arbitrary consensus systems on Polkadot. These consensus systems
/// can include toplevel parachains as as well as nested consensus systems within a parachain.
contract Agent {
    error Unauthorized();

    /// @dev The unique ID for this agent, derived from the MultiLocation of the corresponding consensus system on Polkadot
    bytes32 public immutable AGENT_ID;

    /// @dev The gateway contract controlling this agent
    address public immutable GATEWAY;

    constructor(bytes32 agentID) {
        AGENT_ID = agentID;
        GATEWAY = msg.sender;
    }

thinking
**Analyzing delegatecall risks**
exec
/bin/bash -lc 'nl -ba src/Agent.sol' in /tmp/codex-voq7zucg succeeded in 5ms:
     1	// SPDX-License-Identifier: Apache-2.0
     2	// SPDX-FileCopyrightText: 2023 Snowfork <hello@snowfork.com>
     3	pragma solidity 0.8.25;
     4	
     5	/// @title An agent contract that acts on behalf of a consensus system on Polkadot
     6	/// @dev Instances of this contract act as an agents for arbitrary consensus systems on Polkadot. These consensus systems
     7	/// can include toplevel parachains as as well as nested consensus systems within a parachain.
     8	contract Agent {
     9	    error Unauthorized();
    10	
    11	    /// @dev The unique ID for this agent, derived from the MultiLocation of the corresponding consensus system on Polkadot
    12	    bytes32 public immutable AGENT_ID;
    13	
    14	    /// @dev The gateway contract controlling this agent
    15	    address public immutable GATEWAY;
    16	
    17	    constructor(bytes32 agentID) {
    18	        AGENT_ID = agentID;
    19	        GATEWAY = msg.sender;
    20	    }

thinking
**Summarizing security finding**
codex
{"no_findings":false,"summary":"Single delegatecall entrypoint allows the gateway to execute arbitrary code in the agent context; if the gateway or executor is compromised, the agent can be fully controlled or destroyed.","findings":[{"severity":"high","category":"dangerous delegatecall","title":"Gateway-controlled delegatecall enables arbitrary code execution in Agent context","exploit_scenario":"If the GATEWAY is compromised or misconfigured, it can supply a malicious executor that executes arbitrary code via delegatecall, potentially draining ETH held by the agent, corrupting state, or selfdestructing the contract.","recommendation":"Restrict `executor` to a vetted allowlist or fixed implementation (e.g., immutable codehash check), and consider explicit upgrade governance if dynamic execution is required. If arbitrary execution is intended, document this trust assumption and add monitoring/guardrails at the gateway.","evidence":"`invoke` performs `executor.delegatecall(data)` after only checking `msg.sender == GATEWAY`.","locations":["src/Agent.sol:29"]}]}
tokens used: 6,126
Metadata
{
    "codex": {
        "ran_at": "2025-12-21T18:29:38.475579+00:00",
        "returncode": 0
    },
    "project": {
        "file_count": 1,
        "import_count": 0
    },
    "summary": "Single delegatecall entrypoint allows the gateway to execute arbitrary code in the agent context; if the gateway or executor is compromised, the agent can be fully controlled or destroyed.",
    "raw_final": {
        "summary": "Single delegatecall entrypoint allows the gateway to execute arbitrary code in the agent context; if the gateway or executor is compromised, the agent can be fully controlled or destroyed.",
        "findings": [
            {
                "title": "Gateway-controlled delegatecall enables arbitrary code execution in Agent context",
                "category": "dangerous delegatecall",
                "evidence": "`invoke` performs `executor.delegatecall(data)` after only checking `msg.sender == GATEWAY`.",
                "severity": "high",
                "locations": [
                    "src/Agent.sol:29"
                ],
                "recommendation": "Restrict `executor` to a vetted allowlist or fixed implementation (e.g., immutable codehash check), and consider explicit upgrade governance if dynamic execution is required. If arbitrary execution is intended, document this trust assumption and add monitoring/guardrails at the gateway.",
                "exploit_scenario": "If the GATEWAY is compromised or misconfigured, it can supply a malicious executor that executes arbitrary code via delegatecall, potentially draining ETH held by the agent, corrupting state, or selfdestructing the contract."
            }
        ],
        "no_findings": false
    },
    "no_findings": false,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall: 1
Selfdestruct: 0
CREATE2: 0
CALL-family (heavy): 0
EXT*/BALANCE: 0
Total opcodes: 380
Flags: delegatecall_present
cast disassembly output
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: DUP2
00000005: DUP2
00000006: MSTORE
00000007: PUSH1 0x04
00000009: SWAP2
0000000a: DUP3
0000000b: CALLDATASIZE
0000000c: LT
0000000d: ISZERO
0000000e: PUSH2 0x0022
00000011: JUMPI
00000012: JUMPDEST
00000013: POP
00000014: POP
00000015: POP
00000016: CALLDATASIZE
00000017: ISZERO
00000018: PUSH2 0x0020
0000001b: JUMPI
0000001c: PUSH1 0x00
0000001e: DUP1
0000001f: REVERT
00000020: JUMPDEST
00000021: STOP
00000022: JUMPDEST
00000023: PUSH1 0x00
00000025: SWAP3
00000026: DUP4
00000027: CALLDATALOAD
00000028: PUSH1 0xe0
0000002a: SHR
0000002b: SWAP2
0000002c: DUP3
0000002d: PUSH4 0x338c5371
00000032: EQ
00000033: PUSH2 0x02df
00000036: JUMPI
00000037: POP
00000038: DUP2
00000039: PUSH4 0x9bb66b28
0000003e: EQ
0000003f: PUSH2 0x00ae
00000042: JUMPI
00000043: POP
00000044: PUSH4 0xe905182a
00000049: EQ
0000004a: PUSH2 0x0053
0000004d: JUMPI
0000004e: DUP1
0000004f: PUSH2 0x0012
00000052: JUMP
00000053: JUMPDEST
00000054: CALLVALUE
00000055: PUSH2 0x00aa
00000058: JUMPI
00000059: DUP2
0000005a: PUSH32 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc
0000007b: CALLDATASIZE
0000007c: ADD
0000007d: SLT
0000007e: PUSH2 0x00aa
00000081: JUMPI
00000082: PUSH1 0x20
00000084: SWAP1
00000085: MLOAD
00000086: PUSH32 0x81c5ab2571199e3188135178f3c2c8e2d268be1313d029b30f534fa579b69b79
000000a7: DUP2
000000a8: MSTORE
000000a9: RETURN
000000aa: JUMPDEST
000000ab: POP
000000ac: DUP1
000000ad: REVERT
000000ae: JUMPDEST
000000af: DUP3
000000b0: DUP5
000000b1: CALLVALUE
000000b2: PUSH2 0x02dc
000000b5: JUMPI
000000b6: DUP2
000000b7: PUSH32 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc
000000d8: CALLDATASIZE
000000d9: ADD
000000da: SLT
000000db: PUSH2 0x02dc
000000de: JUMPI
000000df: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000f4: SWAP3
000000f5: DUP1
000000f6: CALLDATALOAD
000000f7: DUP5
000000f8: DUP2
000000f9: AND
000000fa: DUP2
000000fb: SUB
000000fc: PUSH2 0x02d8
000000ff: JUMPI
00000100: PUSH1 0x24
00000102: CALLDATALOAD
00000103: PUSH8 0xffffffffffffffff
0000010c: SWAP6
0000010d: DUP7
0000010e: DUP3
0000010f: GT
00000110: PUSH2 0x02d4
00000113: JUMPI
00000114: CALLDATASIZE
00000115: PUSH1 0x23
00000117: DUP4
00000118: ADD
00000119: SLT
0000011a: ISZERO
0000011b: PUSH2 0x02d4
0000011e: JUMPI
0000011f: DUP2
00000120: DUP5
00000121: ADD
00000122: CALLDATALOAD
00000123: SWAP1
00000124: DUP8
00000125: DUP3
00000126: GT
00000127: PUSH2 0x02d0
0000012a: JUMPI
0000012b: CALLDATASIZE
0000012c: PUSH1 0x24
0000012e: DUP4
0000012f: DUP6
00000130: ADD
00000131: ADD
00000132: GT
00000133: PUSH2 0x02d0
00000136: JUMPI
00000137: PUSH32 0x00000000000000000000000027ca963c279c93801941e1eb8799c23f407d68e7
00000158: AND
00000159: CALLER
0000015a: SUB
0000015b: PUSH2 0x02a8
0000015e: JUMPI
0000015f: SWAP2
00000160: PUSH1 0x24
00000162: DUP6
00000163: SWAP4
00000164: SWAP3
00000165: DUP4
00000166: DUP6
00000167: SWAP5
00000168: DUP10
00000169: MLOAD
0000016a: SWAP4
0000016b: DUP5
0000016c: SWAP4
0000016d: ADD
0000016e: DUP4
0000016f: CALLDATACOPY
00000170: DUP2
00000171: ADD
00000172: DUP5
00000173: DUP2
00000174: MSTORE
00000175: SUB
00000176: SWAP2
00000177: GAS
00000178: DELEGATECALL
00000179: SWAP4
0000017a: RETURNDATASIZE
0000017b: ISZERO
0000017c: PUSH2 0x029d
0000017f: JUMPI
00000180: RETURNDATASIZE
00000181: SWAP1
00000182: DUP1
00000183: DUP3
00000184: GT
00000185: PUSH2 0x0271
00000188: JUMPI
00000189: DUP5
0000018a: MLOAD
0000018b: SWAP3
0000018c: PUSH1 0x1f
0000018e: DUP4
0000018f: ADD
00000190: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0
000001b1: SWAP1
000001b2: DUP2
000001b3: AND
000001b4: PUSH1 0x3f
000001b6: ADD
000001b7: AND
000001b8: DUP5
000001b9: ADD
000001ba: SWAP2
000001bb: DUP3
000001bc: GT
000001bd: DUP5
000001be: DUP4
000001bf: LT
000001c0: OR
000001c1: PUSH2 0x0245
000001c4: JUMPI
000001c5: POP
000001c6: DUP5
000001c7: MSTORE
000001c8: DUP2
000001c9: MSTORE
000001ca: RETURNDATASIZE
000001cb: DUP3
000001cc: PUSH1 0x20
000001ce: DUP4
000001cf: ADD
000001d0: RETURNDATACOPY
000001d1: SWAP3
000001d2: SWAP1
000001d3: JUMPDEST
000001d4: DUP3
000001d5: MLOAD
000001d6: SWAP4
000001d7: DUP5
000001d8: SWAP3
000001d9: ISZERO
000001da: ISZERO
000001db: DUP4
000001dc: MSTORE
000001dd: PUSH1 0x20
000001df: SWAP1
000001e0: DUP5
000001e1: PUSH1 0x20
000001e3: DUP6
000001e4: ADD
000001e5: MSTORE
000001e6: DUP1
000001e7: MLOAD
000001e8: DUP1
000001e9: SWAP6
000001ea: DUP6
000001eb: ADD
000001ec: MSTORE
000001ed: DUP3
000001ee: JUMPDEST
000001ef: DUP6
000001f0: DUP2
000001f1: LT
000001f2: PUSH2 0x022e
000001f5: JUMPI
000001f6: POP
000001f7: POP
000001f8: POP
000001f9: PUSH1 0x1f
000001fb: DUP4
000001fc: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0
0000021d: SWAP3
0000021e: PUSH1 0x60
00000220: DUP1
00000221: SWAP7
00000222: DUP7
00000223: ADD
00000224: ADD
00000225: MSTORE
00000226: ADD
00000227: AND
00000228: DUP2
00000229: ADD
0000022a: SUB
0000022b: ADD
0000022c: SWAP1
0000022d: RETURN
0000022e: JUMPDEST
0000022f: DUP2
00000230: DUP2
00000231: ADD
00000232: DUP4
00000233: ADD
00000234: MLOAD
00000235: DUP8
00000236: DUP3
00000237: ADD
00000238: PUSH1 0x60
0000023a: ADD
0000023b: MSTORE
0000023c: DUP7
0000023d: SWAP5
0000023e: POP
0000023f: DUP3
00000240: ADD
00000241: PUSH2 0x01ee
00000244: JUMP
00000245: JUMPDEST
00000246: DUP5
00000247: PUSH1 0x41
00000249: PUSH1 0x24
0000024b: SWAP3
0000024c: PUSH32 0x4e487b7100000000000000000000000000000000000000000000000000000000
0000026d: DUP4
0000026e: MSTORE
0000026f: MSTORE
00000270: REVERT
00000271: JUMPDEST
00000272: PUSH1 0x24
00000274: DUP5
00000275: PUSH1 0x41
00000277: DUP6
00000278: PUSH32 0x4e487b7100000000000000000000000000000000000000000000000000000000
00000299: DUP4
0000029a: MSTORE
0000029b: MSTORE
0000029c: REVERT
0000029d: JUMPDEST
0000029e: POP
0000029f: POP
000002a0: PUSH1 0x60
000002a2: SWAP3
000002a3: SWAP1
000002a4: PUSH2 0x01d3
000002a7: JUMP
000002a8: JUMPDEST
000002a9: DUP4
000002aa: DUP7
000002ab: MLOAD
000002ac: PUSH32 0x82b4290000000000000000000000000000000000000000000000000000000000
000002cd: DUP2
000002ce: MSTORE
000002cf: REVERT
000002d0: JUMPDEST
000002d1: DUP6
000002d2: DUP1
000002d3: REVERT
000002d4: JUMPDEST
000002d5: DUP5
000002d6: DUP1
000002d7: REVERT
000002d8: JUMPDEST
000002d9: DUP3
000002da: DUP1
000002db: REVERT
000002dc: JUMPDEST
000002dd: DUP1
000002de: REVERT
000002df: JUMPDEST
000002e0: DUP5
000002e1: SWAP1
000002e2: CALLVALUE
000002e3: PUSH2 0x00aa
000002e6: JUMPI
000002e7: DUP2
000002e8: PUSH32 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc
00000309: CALLDATASIZE
0000030a: ADD
0000030b: SLT
0000030c: PUSH2 0x00aa
0000030f: JUMPI
00000310: PUSH1 0x20
00000312: SWAP1
00000313: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000328: PUSH32 0x00000000000000000000000027ca963c279c93801941e1eb8799c23f407d68e7
00000349: AND
0000034a: DUP2
0000034b: MSTORE
0000034c: RETURN
0000034d: INVALID
0000034e: LOG2
0000034f: PUSH5 0x6970667358
00000355: UNKNOWN(0x22)
00000356: SLT
00000357: KECCAK256
00000358: SHL
00000359: SHR
0000035a: UNKNOWN(0xC5)
0000035b: PUSH24 0xf24b9d8e5472b448ec535a07efeb64b1500d66f0e9d785be
00000374: UNKNOWN(0x4E)
00000375: CALLDATACOPY
00000376: SWAP3
00000377: UNKNOWN(0xD9)
00000378: PUSH5 0x736f6c6343
0000037e: STOP
0000037f: ADDMOD
00000380: NOT
00000381: STOP
00000382: CALLER

Findings

validated = confirmed for call sinks; sink observed for others
Severity: critical
Category: upgradeability
Tool: detector
Title: Untrusted DELEGATECALL target reachable
Confidence: 70
Validated: no
Confirmed: no
trace_id: 0xdf8713fc3705c57da8663d37ec37ba9e0653a44021e6b77e66a9aaa91c80d340
validation_json
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "unknown",
    "attempts": 36,
    "trace_id": "0xdf8713fc3705c57da8663d37ec37ba9e0653a44021e6b77e66a9aaa91c80d340",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x338c5371",
            "selector": "0x338c5371",
            "calldata_variants": [
                "0x338c5371",
                "0x338c53710000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x9bb66b28",
            "selector": "0x9bb66b28",
            "calldata_variants": [
                "0x9bb66b28",
                "0x9bb66b280000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xe905182a",
            "selector": "0xe905182a",
            "calldata_variants": [
                "0xe905182a",
                "0xe905182a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json
{
    "examples": [
        {
            "pc": 376,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [],
    "delegatecall_count": 1,
    "untrusted_delegatecall_count": 1
}
Severity: high
Category: other
Tool: codex
Title: Gateway-controlled delegatecall enables arbitrary code execution in Agent context
Confidence: 85
Validated: no
Confirmed:
evidence_json
{
    "evidence": "`invoke` performs `executor.delegatecall(data)` after only checking `msg.sender == GATEWAY`.",
    "locations": [
        "src/Agent.sol:29"
    ],
    "recommendation": "Restrict `executor` to a vetted allowlist or fixed implementation (e.g., immutable codehash check), and consider explicit upgrade governance if dynamic execution is required. If arbitrary execution is intended, document this trust assumption and add monitoring/guardrails at the gateway.",
    "exploit_scenario": "If the GATEWAY is compromised or misconfigured, it can supply a malicious executor that executes arbitrary code via delegatecall, potentially draining ETH held by the agent, corrupting state, or selfdestructing the contract."
}