TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b477e-a6be-7258-95ee-a3b5404b9435

complete
Chain ID
1
Address
0xa1a111bc074c9cfa781f0c38e63bd51c91b8af00
Block Number
Created
Mon, Dec 22, 2025 7:17 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
20137 artifact.fetch complete 1 / 3 3 months ago
20138 tool.cast_disasm complete 1 / 3 3 months ago
63590 analysis.bundle complete 1 / 3 2 weeks ago
63591 capability.graph complete 1 / 3 2 weeks ago
63592 detector.run complete 1 / 3 2 weeks ago
63593 validation.fork complete 1 / 3 2 weeks ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
1
EXT*/BALANCE
0
Total opcodes
472
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x0056
0000000a: JUMPI
0000000b: PUSH1 0xe0
0000000d: PUSH1 0x02
0000000f: EXP
00000010: PUSH1 0x00
00000012: CALLDATALOAD
00000013: DIV
00000014: PUSH4 0x02571be3
00000019: DUP2
0000001a: EQ
0000001b: PUSH2 0x0058
0000001e: JUMPI
0000001f: DUP1
00000020: PUSH4 0x201745d5
00000025: EQ
00000026: PUSH2 0x007f
00000029: JUMPI
0000002a: DUP1
0000002b: PUSH4 0x3b3b57de
00000030: EQ
00000031: PUSH2 0x0115
00000034: JUMPI
00000035: DUP1
00000036: PUSH4 0x432ced04
0000003b: EQ
0000003c: PUSH2 0x0138
0000003f: JUMPI
00000040: DUP1
00000041: PUSH4 0x79ce9fac
00000046: EQ
00000047: PUSH2 0x01a7
0000004a: JUMPI
0000004b: DUP1
0000004c: PUSH4 0xd5fa2b00
00000051: EQ
00000052: PUSH2 0x020f
00000055: JUMPI
00000056: JUMPDEST
00000057: STOP
00000058: JUMPDEST
00000059: PUSH2 0x0273
0000005c: PUSH1 0x04
0000005e: CALLDATALOAD
0000005f: PUSH1 0x00
00000061: DUP2
00000062: DUP2
00000063: MSTORE
00000064: PUSH1 0x20
00000066: DUP2
00000067: SWAP1
00000068: MSTORE
00000069: PUSH1 0x40
0000006b: SWAP1
0000006c: KECCAK256
0000006d: PUSH1 0x01
0000006f: ADD
00000070: SLOAD
00000071: PUSH1 0x01
00000073: PUSH1 0xa0
00000075: PUSH1 0x02
00000077: EXP
00000078: SUB
00000079: AND
0000007a: JUMPDEST
0000007b: SWAP2
0000007c: SWAP1
0000007d: POP
0000007e: JUMP
0000007f: JUMPDEST
00000080: PUSH2 0x0056
00000083: PUSH1 0x04
00000085: CALLDATALOAD
00000086: PUSH1 0x24
00000088: CALLDATALOAD
00000089: PUSH1 0x00
0000008b: DUP3
0000008c: DUP2
0000008d: MSTORE
0000008e: PUSH1 0x20
00000090: DUP2
00000091: SWAP1
00000092: MSTORE
00000093: PUSH1 0x40
00000095: SWAP1
00000096: KECCAK256
00000097: PUSH1 0x01
00000099: ADD
0000009a: SLOAD
0000009b: DUP3
0000009c: SWAP1
0000009d: PUSH1 0x01
0000009f: PUSH1 0xa0
000000a1: PUSH1 0x02
000000a3: EXP
000000a4: SUB
000000a5: SWAP1
000000a6: DUP2
000000a7: AND
000000a8: CALLER
000000a9: SWAP2
000000aa: SWAP1
000000ab: SWAP2
000000ac: AND
000000ad: EQ
000000ae: ISZERO
000000af: PUSH2 0x020a
000000b2: JUMPI
000000b3: PUSH1 0x40
000000b5: PUSH1 0x00
000000b7: SWAP1
000000b8: DUP2
000000b9: KECCAK256
000000ba: PUSH1 0x01
000000bc: DUP2
000000bd: ADD
000000be: DUP1
000000bf: SLOAD
000000c0: DUP3
000000c1: SLOAD
000000c2: PUSH1 0x01
000000c4: PUSH1 0xa0
000000c6: PUSH1 0x02
000000c8: EXP
000000c9: SUB
000000ca: NOT
000000cb: SWAP1
000000cc: DUP2
000000cd: AND
000000ce: SWAP1
000000cf: SWAP4
000000d0: SSTORE
000000d1: SWAP2
000000d2: SWAP1
000000d3: SWAP2
000000d4: AND
000000d5: SWAP1
000000d6: SSTORE
000000d7: PUSH1 0x01
000000d9: PUSH1 0xa0
000000db: PUSH1 0x02
000000dd: EXP
000000de: SUB
000000df: DUP4
000000e0: AND
000000e1: SWAP1
000000e2: PUSH9 0x03bd913e6c1df40000
000000ec: PUSH1 0x60
000000ee: DUP3
000000ef: DUP2
000000f0: DUP2
000000f1: DUP2
000000f2: DUP6
000000f3: DUP9
000000f4: DUP4
000000f5: CALL
000000f6: POP
000000f7: POP
000000f8: PUSH1 0x40
000000fa: MLOAD
000000fb: DUP5
000000fc: SWAP4
000000fd: POP
000000fe: PUSH1 0x00
00000100: DUP1
00000101: MLOAD
00000102: PUSH1 0x20
00000104: PUSH2 0x0287
00000107: DUP4
00000108: CODECOPY
00000109: DUP2
0000010a: MLOAD
0000010b: SWAP2
0000010c: MSTORE
0000010d: SWAP3
0000010e: SWAP2
0000010f: POP
00000110: LOG2
00000111: POP
00000112: POP
00000113: POP
00000114: JUMP
00000115: JUMPDEST
00000116: PUSH2 0x0273
00000119: PUSH1 0x04
0000011b: CALLDATALOAD
0000011c: PUSH1 0x00
0000011e: DUP2
0000011f: DUP2
00000120: MSTORE
00000121: PUSH1 0x20
00000123: DUP2
00000124: SWAP1
00000125: MSTORE
00000126: PUSH1 0x40
00000128: SWAP1
00000129: KECCAK256
0000012a: SLOAD
0000012b: PUSH1 0x01
0000012d: PUSH1 0xa0
0000012f: PUSH1 0x02
00000131: EXP
00000132: SUB
00000133: AND
00000134: PUSH2 0x007a
00000137: JUMP
00000138: JUMPDEST
00000139: PUSH2 0x0056
0000013c: PUSH1 0x04
0000013e: CALLDATALOAD
0000013f: PUSH1 0x00
00000141: DUP2
00000142: DUP2
00000143: MSTORE
00000144: PUSH1 0x20
00000146: DUP2
00000147: SWAP1
00000148: MSTORE
00000149: PUSH1 0x40
0000014b: DUP2
0000014c: KECCAK256
0000014d: PUSH1 0x01
0000014f: ADD
00000150: SLOAD
00000151: PUSH1 0x01
00000153: PUSH1 0xa0
00000155: PUSH1 0x02
00000157: EXP
00000158: SUB
00000159: AND
0000015a: EQ
0000015b: DUP1
0000015c: ISZERO
0000015d: PUSH2 0x016f
00000160: JUMPI
00000161: POP
00000162: PUSH9 0x03bd913e6c1df40000
0000016c: CALLVALUE
0000016d: LT
0000016e: ISZERO
0000016f: JUMPDEST
00000170: ISZERO
00000171: PUSH2 0x01a4
00000174: JUMPI
00000175: PUSH1 0x40
00000177: PUSH1 0x00
00000179: SWAP1
0000017a: DUP2
0000017b: KECCAK256
0000017c: PUSH1 0x01
0000017e: ADD
0000017f: DUP1
00000180: SLOAD
00000181: PUSH1 0x01
00000183: PUSH1 0xa0
00000185: PUSH1 0x02
00000187: EXP
00000188: SUB
00000189: NOT
0000018a: AND
0000018b: CALLER
0000018c: OR
0000018d: SWAP1
0000018e: SSTORE
0000018f: DUP2
00000190: SWAP1
00000191: PUSH1 0x00
00000193: DUP1
00000194: MLOAD
00000195: PUSH1 0x20
00000197: PUSH2 0x0287
0000019a: DUP4
0000019b: CODECOPY
0000019c: DUP2
0000019d: MLOAD
0000019e: SWAP2
0000019f: MSTORE
000001a0: SWAP1
000001a1: PUSH1 0x60
000001a3: LOG2
000001a4: JUMPDEST
000001a5: POP
000001a6: JUMP
000001a7: JUMPDEST
000001a8: PUSH2 0x0056
000001ab: PUSH1 0x04
000001ad: CALLDATALOAD
000001ae: PUSH1 0x24
000001b0: CALLDATALOAD
000001b1: PUSH1 0x00
000001b3: DUP3
000001b4: DUP2
000001b5: MSTORE
000001b6: PUSH1 0x20
000001b8: DUP2
000001b9: SWAP1
000001ba: MSTORE
000001bb: PUSH1 0x40
000001bd: SWAP1
000001be: KECCAK256
000001bf: PUSH1 0x01
000001c1: ADD
000001c2: SLOAD
000001c3: DUP3
000001c4: SWAP1
000001c5: PUSH1 0x01
000001c7: PUSH1 0xa0
000001c9: PUSH1 0x02
000001cb: EXP
000001cc: SUB
000001cd: SWAP1
000001ce: DUP2
000001cf: AND
000001d0: CALLER
000001d1: SWAP2
000001d2: SWAP1
000001d3: SWAP2
000001d4: AND
000001d5: EQ
000001d6: ISZERO
000001d7: PUSH2 0x020a
000001da: JUMPI
000001db: PUSH1 0x40
000001dd: PUSH1 0x00
000001df: SWAP1
000001e0: DUP2
000001e1: KECCAK256
000001e2: PUSH1 0x01
000001e4: ADD
000001e5: DUP1
000001e6: SLOAD
000001e7: PUSH1 0x01
000001e9: PUSH1 0xa0
000001eb: PUSH1 0x02
000001ed: EXP
000001ee: SUB
000001ef: NOT
000001f0: AND
000001f1: DUP5
000001f2: OR
000001f3: SWAP1
000001f4: SSTORE
000001f5: DUP2
000001f6: SWAP1
000001f7: PUSH1 0x00
000001f9: DUP1
000001fa: MLOAD
000001fb: PUSH1 0x20
000001fd: PUSH2 0x0287
00000200: DUP4
00000201: CODECOPY
00000202: DUP2
00000203: MLOAD
00000204: SWAP2
00000205: MSTORE
00000206: SWAP1
00000207: PUSH1 0x60
00000209: LOG2
0000020a: JUMPDEST
0000020b: POP
0000020c: POP
0000020d: POP
0000020e: JUMP
0000020f: JUMPDEST
00000210: PUSH2 0x0056
00000213: PUSH1 0x04
00000215: CALLDATALOAD
00000216: PUSH1 0x24
00000218: CALLDATALOAD
00000219: PUSH1 0x00
0000021b: DUP3
0000021c: DUP2
0000021d: MSTORE
0000021e: PUSH1 0x20
00000220: DUP2
00000221: SWAP1
00000222: MSTORE
00000223: PUSH1 0x40
00000225: SWAP1
00000226: KECCAK256
00000227: PUSH1 0x01
00000229: ADD
0000022a: SLOAD
0000022b: DUP3
0000022c: SWAP1
0000022d: PUSH1 0x01
0000022f: PUSH1 0xa0
00000231: PUSH1 0x02
00000233: EXP
00000234: SUB
00000235: SWAP1
00000236: DUP2
00000237: AND
00000238: CALLER
00000239: SWAP2
0000023a: SWAP1
0000023b: SWAP2
0000023c: AND
0000023d: EQ
0000023e: ISZERO
0000023f: PUSH2 0x020a
00000242: JUMPI
00000243: PUSH1 0x40
00000245: PUSH1 0x00
00000247: SWAP1
00000248: DUP2
00000249: KECCAK256
0000024a: DUP1
0000024b: SLOAD
0000024c: PUSH1 0x01
0000024e: PUSH1 0xa0
00000250: PUSH1 0x02
00000252: EXP
00000253: SUB
00000254: NOT
00000255: AND
00000256: DUP5
00000257: OR
00000258: SWAP1
00000259: SSTORE
0000025a: DUP2
0000025b: SWAP1
0000025c: PUSH1 0x00
0000025e: DUP1
0000025f: MLOAD
00000260: PUSH1 0x20
00000262: PUSH2 0x0287
00000265: DUP4
00000266: CODECOPY
00000267: DUP2
00000268: MLOAD
00000269: SWAP2
0000026a: MSTORE
0000026b: SWAP1
0000026c: PUSH1 0x60
0000026e: LOG2
0000026f: POP
00000270: POP
00000271: POP
00000272: JUMP
00000273: JUMPDEST
00000274: PUSH1 0x01
00000276: PUSH1 0xa0
00000278: PUSH1 0x02
0000027a: EXP
0000027b: SUB
0000027c: AND
0000027d: PUSH1 0x60
0000027f: SWAP1
00000280: DUP2
00000281: MSTORE
00000282: PUSH1 0x20
00000284: SWAP1
00000285: RETURN
00000286: STOP
00000287: UNKNOWN(0xA6)
00000288: PUSH10 0x7e974e6a320f454390be
00000293: SUB
00000294: UNKNOWN(0xF7)
00000295: BLOBHASH
00000296: SSTORE
00000297: UNKNOWN(0xE8)
00000298: SWAP8
00000299: DUP16
0000029a: BYTE
0000029b: PUSH10 0x71ea6730542e37b66179
000002a6: UNKNOWN(0xBC)

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 no no
view
trace_id: 0xeeedfbd0405576fbc1c21f1de0557fe470cd102aa3f01365f571992e333f3501
call_targets: 0xa1a111bc074c9cfa781f0c38e63bd51c91b8af00
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xeeedfbd0405576fbc1c21f1de0557fe470cd102aa3f01365f571992e333f3501",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xa1a111bc074c9cfa781f0c38e63bd51c91b8af00"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x02571be3",
            "selector": "0x02571be3",
            "calldata_variants": [
                "0x02571be3",
                "0x02571be30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x201745d5",
            "selector": "0x201745d5",
            "calldata_variants": [
                "0x201745d5",
                "0x201745d50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x3b3b57de",
            "selector": "0x3b3b57de",
            "calldata_variants": [
                "0x3b3b57de",
                "0x3b3b57de0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x432ced04",
            "selector": "0x432ced04",
            "calldata_variants": [
                "0x432ced04",
                "0x432ced040000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x79ce9fac",
            "selector": "0x79ce9fac",
            "calldata_variants": [
                "0x79ce9fac",
                "0x79ce9fac0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xd5fa2b00",
            "selector": "0xd5fa2b00",
            "calldata_variants": [
                "0xd5fa2b00",
                "0xd5fa2b000000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 245,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 1,
    "guards_detected": [],
    "untrusted_call_count": 1
}
high other detector ETH value transfer possible 55 no no
view
trace_id: 0xeeedfbd0405576fbc1c21f1de0557fe470cd102aa3f01365f571992e333f3501
call_targets: 0xa1a111bc074c9cfa781f0c38e63bd51c91b8af00
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xeeedfbd0405576fbc1c21f1de0557fe470cd102aa3f01365f571992e333f3501",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xa1a111bc074c9cfa781f0c38e63bd51c91b8af00"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x02571be3",
            "selector": "0x02571be3",
            "calldata_variants": [
                "0x02571be3",
                "0x02571be30000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x201745d5",
            "selector": "0x201745d5",
            "calldata_variants": [
                "0x201745d5",
                "0x201745d50000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x3b3b57de",
            "selector": "0x3b3b57de",
            "calldata_variants": [
                "0x3b3b57de",
                "0x3b3b57de0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x432ced04",
            "selector": "0x432ced04",
            "calldata_variants": [
                "0x432ced04",
                "0x432ced040000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x79ce9fac",
            "selector": "0x79ce9fac",
            "calldata_variants": [
                "0x79ce9fac",
                "0x79ce9fac0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xd5fa2b00",
            "selector": "0xd5fa2b00",
            "calldata_variants": [
                "0xd5fa2b00",
                "0xd5fa2b000000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 245,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 1,
    "guards_detected": []
}