TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b477e-aaf2-7208-bf9e-3cf3d1b85ef3

complete
Chain ID
1
Address
0x3b775a057cf23e350293caccee09625779032d1e
Block Number
Created
Mon, Dec 22, 2025 7:17 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
20925 artifact.fetch complete 1 / 3 3 months ago
20926 tool.cast_disasm complete 1 / 3 3 months ago
64158 analysis.bundle complete 1 / 3 1 week ago
64159 capability.graph complete 1 / 3 1 week ago
64160 detector.run complete 1 / 3 1 week ago
64161 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
1
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
1
EXT*/BALANCE
1
Total opcodes
229
Flags
delegatecall_present
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: ISZERO
00000007: PUSH2 0x003f
0000000a: JUMPI
0000000b: PUSH1 0x00
0000000d: CALLDATALOAD
0000000e: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
0000002c: SWAP1
0000002d: DIV
0000002e: PUSH4 0xffffffff
00000033: AND
00000034: DUP1
00000035: PUSH4 0x6ea056a9
0000003a: EQ
0000003b: PUSH2 0x0041
0000003e: JUMPI
0000003f: JUMPDEST
00000040: STOP
00000041: JUMPDEST
00000042: CALLVALUE
00000043: ISZERO
00000044: PUSH2 0x004c
00000047: JUMPI
00000048: PUSH1 0x00
0000004a: DUP1
0000004b: REVERT
0000004c: JUMPDEST
0000004d: PUSH2 0x0081
00000050: PUSH1 0x04
00000052: DUP1
00000053: DUP1
00000054: CALLDATALOAD
00000055: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000006a: AND
0000006b: SWAP1
0000006c: PUSH1 0x20
0000006e: ADD
0000006f: SWAP1
00000070: SWAP2
00000071: SWAP1
00000072: DUP1
00000073: CALLDATALOAD
00000074: SWAP1
00000075: PUSH1 0x20
00000077: ADD
00000078: SWAP1
00000079: SWAP2
0000007a: SWAP1
0000007b: POP
0000007c: POP
0000007d: PUSH2 0x009b
00000080: JUMP
00000081: JUMPDEST
00000082: PUSH1 0x40
00000084: MLOAD
00000085: DUP1
00000086: DUP3
00000087: ISZERO
00000088: ISZERO
00000089: ISZERO
0000008a: ISZERO
0000008b: DUP2
0000008c: MSTORE
0000008d: PUSH1 0x20
0000008f: ADD
00000090: SWAP2
00000091: POP
00000092: POP
00000093: PUSH1 0x40
00000095: MLOAD
00000096: DUP1
00000097: SWAP2
00000098: SUB
00000099: SWAP1
0000009a: RETURN
0000009b: JUMPDEST
0000009c: PUSH1 0x00
0000009e: DUP1
0000009f: DUP1
000000a0: SWAP1
000000a1: SLOAD
000000a2: SWAP1
000000a3: PUSH2 0x0100
000000a6: EXP
000000a7: SWAP1
000000a8: DIV
000000a9: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000be: AND
000000bf: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000d4: AND
000000d5: PUSH4 0x3c18d318
000000da: DUP5
000000db: PUSH1 0x00
000000dd: PUSH1 0x40
000000df: MLOAD
000000e0: PUSH1 0x20
000000e2: ADD
000000e3: MSTORE
000000e4: PUSH1 0x40
000000e6: MLOAD
000000e7: DUP3
000000e8: PUSH4 0xffffffff
000000ed: AND
000000ee: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
0000010c: MUL
0000010d: DUP2
0000010e: MSTORE
0000010f: PUSH1 0x04
00000111: ADD
00000112: DUP1
00000113: DUP3
00000114: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000129: AND
0000012a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000013f: AND
00000140: DUP2
00000141: MSTORE
00000142: PUSH1 0x20
00000144: ADD
00000145: SWAP2
00000146: POP
00000147: POP
00000148: PUSH1 0x20
0000014a: PUSH1 0x40
0000014c: MLOAD
0000014d: DUP1
0000014e: DUP4
0000014f: SUB
00000150: DUP2
00000151: PUSH1 0x00
00000153: DUP8
00000154: DUP1
00000155: EXTCODESIZE
00000156: ISZERO
00000157: ISZERO
00000158: PUSH2 0x0160
0000015b: JUMPI
0000015c: PUSH1 0x00
0000015e: DUP1
0000015f: REVERT
00000160: JUMPDEST
00000161: PUSH2 0x02c6
00000164: GAS
00000165: SUB
00000166: CALL
00000167: ISZERO
00000168: ISZERO
00000169: PUSH2 0x0171
0000016c: JUMPI
0000016d: PUSH1 0x00
0000016f: DUP1
00000170: REVERT
00000171: JUMPDEST
00000172: POP
00000173: POP
00000174: POP
00000175: PUSH1 0x40
00000177: MLOAD
00000178: DUP1
00000179: MLOAD
0000017a: SWAP1
0000017b: POP
0000017c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000191: AND
00000192: PUSH1 0x00
00000194: CALLDATASIZE
00000195: PUSH1 0x40
00000197: MLOAD
00000198: DUP1
00000199: DUP4
0000019a: DUP4
0000019b: DUP1
0000019c: DUP3
0000019d: DUP5
0000019e: CALLDATACOPY
0000019f: DUP3
000001a0: ADD
000001a1: SWAP2
000001a2: POP
000001a3: POP
000001a4: SWAP3
000001a5: POP
000001a6: POP
000001a7: POP
000001a8: PUSH1 0x00
000001aa: PUSH1 0x40
000001ac: MLOAD
000001ad: DUP1
000001ae: DUP4
000001af: SUB
000001b0: DUP2
000001b1: DUP6
000001b2: PUSH2 0x646e
000001b5: GAS
000001b6: SUB
000001b7: DELEGATECALL
000001b8: SWAP2
000001b9: POP
000001ba: POP
000001bb: SWAP1
000001bc: POP
000001bd: SWAP3
000001be: SWAP2
000001bf: POP
000001c0: POP
000001c1: JUMP
000001c2: STOP
000001c3: LOG1
000001c4: PUSH6 0x627a7a723058
000001cb: KECCAK256
000001cc: UNKNOWN(0xE1)
000001cd: UNKNOWN(0xEA)
000001ce: SWAP6
000001cf: ADD
000001d0: BLOCKHASH
000001d1: UNKNOWN(0xB0)
000001d2: GASPRICE
000001d3: BLOBBASEFEE
000001d4: SWAP15
000001d5: COINBASE
000001d6: UNKNOWN(0xE5)
000001d7: UNKNOWN(0xEB)
000001d8: PUSH16 0x6cde886ab349a997f8030b31eb07f066
000001e9: DUP7
000001ea: UNKNOWN(0xB9)
000001eb: PUSH12

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
critical upgradeability detector Untrusted DELEGATECALL target reachable 70 no no
view
trace_id: 0x903012e2d3b3d0316e086b869d20a6d4ecf78701c6af1825bdc6467fcf3bc051
call_targets: 0xf9dd79eef74db6de9efbe9715bc256f76f138005
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 13,
    "trace_id": "0x903012e2d3b3d0316e086b869d20a6d4ecf78701c6af1825bdc6467fcf3bc051",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xf9dd79eef74db6de9efbe9715bc256f76f138005"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xffffffff",
            "selector": "0xffffffff",
            "calldata_variants": [
                "0xffffffff",
                "0xffffffff0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6ea056a9",
            "selector": "0x6ea056a9",
            "calldata_variants": [
                "0x6ea056a9",
                "0x6ea056a90000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 439,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [],
    "delegatecall_count": 1,
    "untrusted_delegatecall_count": 1
}
high other detector Untrusted CALL target/value reachable 60 no no
view
trace_id: 0xc2460792e3958edd54f2a4f082fc21e4535193550825f710f4a7417b6d6736e6
call_targets: 0x3b775a057cf23e350293caccee09625779032d1e
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xc2460792e3958edd54f2a4f082fc21e4535193550825f710f4a7417b6d6736e6",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x3b775a057cf23e350293caccee09625779032d1e"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xffffffff",
            "selector": "0xffffffff",
            "calldata_variants": [
                "0xffffffff",
                "0xffffffff0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6ea056a9",
            "selector": "0x6ea056a9",
            "calldata_variants": [
                "0x6ea056a9",
                "0x6ea056a90000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 358,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 1,
    "guards_detected": [],
    "untrusted_call_count": 1
}
high other detector ETH value transfer possible 55 no no
view
trace_id: 0xc2460792e3958edd54f2a4f082fc21e4535193550825f710f4a7417b6d6736e6
call_targets: 0x3b775a057cf23e350293caccee09625779032d1e
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xc2460792e3958edd54f2a4f082fc21e4535193550825f710f4a7417b6d6736e6",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x3b775a057cf23e350293caccee09625779032d1e"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xffffffff",
            "selector": "0xffffffff",
            "calldata_variants": [
                "0xffffffff",
                "0xffffffff0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6ea056a9",
            "selector": "0x6ea056a9",
            "calldata_variants": [
                "0x6ea056a9",
                "0x6ea056a90000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 358,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 1,
    "guards_detected": []
}