TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b477e-ab9c-72dd-be13-1c7ad877d4e2

complete
Chain ID
1
Address
0xee867944c0d98c66e2dde05e25c0e426e8137915
Block Number
Created
Mon, Dec 22, 2025 7:17 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
21051 artifact.fetch complete 1 / 3 3 months ago
21052 tool.cast_disasm complete 1 / 3 3 months ago
63922 analysis.bundle complete 1 / 3 1 week ago
63923 capability.graph complete 1 / 3 1 week ago
63924 detector.run complete 1 / 3 1 week ago
63925 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
1
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
2
EXT*/BALANCE
1
Total opcodes
221
Flags
delegatecall_present
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x0041
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
0000002e: SWAP1
0000002f: DIV
00000030: PUSH4 0xffffffff
00000035: AND
00000036: DUP1
00000037: PUSH4 0x6ea056a9
0000003c: EQ
0000003d: PUSH2 0x0043
00000040: JUMPI
00000041: JUMPDEST
00000042: STOP
00000043: JUMPDEST
00000044: CALLVALUE
00000045: ISZERO
00000046: PUSH2 0x004e
00000049: JUMPI
0000004a: PUSH1 0x00
0000004c: DUP1
0000004d: REVERT
0000004e: JUMPDEST
0000004f: PUSH2 0x0083
00000052: PUSH1 0x04
00000054: DUP1
00000055: DUP1
00000056: CALLDATALOAD
00000057: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000006c: AND
0000006d: SWAP1
0000006e: PUSH1 0x20
00000070: ADD
00000071: SWAP1
00000072: SWAP2
00000073: SWAP1
00000074: DUP1
00000075: CALLDATALOAD
00000076: SWAP1
00000077: PUSH1 0x20
00000079: ADD
0000007a: SWAP1
0000007b: SWAP2
0000007c: SWAP1
0000007d: POP
0000007e: POP
0000007f: PUSH2 0x009d
00000082: JUMP
00000083: JUMPDEST
00000084: PUSH1 0x40
00000086: MLOAD
00000087: DUP1
00000088: DUP3
00000089: ISZERO
0000008a: ISZERO
0000008b: ISZERO
0000008c: ISZERO
0000008d: DUP2
0000008e: MSTORE
0000008f: PUSH1 0x20
00000091: ADD
00000092: SWAP2
00000093: POP
00000094: POP
00000095: PUSH1 0x40
00000097: MLOAD
00000098: DUP1
00000099: SWAP2
0000009a: SUB
0000009b: SWAP1
0000009c: RETURN
0000009d: JUMPDEST
0000009e: PUSH1 0x00
000000a0: DUP1
000000a1: DUP1
000000a2: SWAP1
000000a3: SLOAD
000000a4: SWAP1
000000a5: PUSH2 0x0100
000000a8: EXP
000000a9: SWAP1
000000aa: DIV
000000ab: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000c0: AND
000000c1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000d6: AND
000000d7: PUSH4 0x3c18d318
000000dc: DUP5
000000dd: PUSH1 0x00
000000df: PUSH1 0x40
000000e1: MLOAD
000000e2: PUSH1 0x20
000000e4: ADD
000000e5: MSTORE
000000e6: PUSH1 0x40
000000e8: MLOAD
000000e9: DUP3
000000ea: PUSH4 0xffffffff
000000ef: AND
000000f0: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
0000010e: MUL
0000010f: DUP2
00000110: MSTORE
00000111: PUSH1 0x04
00000113: ADD
00000114: DUP1
00000115: DUP3
00000116: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000012b: AND
0000012c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000141: AND
00000142: DUP2
00000143: MSTORE
00000144: PUSH1 0x20
00000146: ADD
00000147: SWAP2
00000148: POP
00000149: POP
0000014a: PUSH1 0x20
0000014c: PUSH1 0x40
0000014e: MLOAD
0000014f: DUP1
00000150: DUP4
00000151: SUB
00000152: DUP2
00000153: PUSH1 0x00
00000155: DUP8
00000156: DUP1
00000157: EXTCODESIZE
00000158: ISZERO
00000159: ISZERO
0000015a: PUSH2 0x0162
0000015d: JUMPI
0000015e: PUSH1 0x00
00000160: DUP1
00000161: REVERT
00000162: JUMPDEST
00000163: PUSH2 0x02c6
00000166: GAS
00000167: SUB
00000168: CALL
00000169: ISZERO
0000016a: ISZERO
0000016b: PUSH2 0x0173
0000016e: JUMPI
0000016f: PUSH1 0x00
00000171: DUP1
00000172: REVERT
00000173: JUMPDEST
00000174: POP
00000175: POP
00000176: POP
00000177: PUSH1 0x40
00000179: MLOAD
0000017a: DUP1
0000017b: MLOAD
0000017c: SWAP1
0000017d: POP
0000017e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000193: AND
00000194: PUSH1 0x00
00000196: CALLDATASIZE
00000197: PUSH1 0x40
00000199: MLOAD
0000019a: DUP1
0000019b: DUP4
0000019c: DUP4
0000019d: DUP1
0000019e: DUP3
0000019f: DUP5
000001a0: CALLDATACOPY
000001a1: DUP3
000001a2: ADD
000001a3: SWAP2
000001a4: POP
000001a5: POP
000001a6: SWAP3
000001a7: POP
000001a8: POP
000001a9: POP
000001aa: PUSH1 0x00
000001ac: PUSH1 0x40
000001ae: MLOAD
000001af: DUP1
000001b0: DUP4
000001b1: SUB
000001b2: DUP2
000001b3: DUP6
000001b4: PUSH2 0x646e
000001b7: GAS
000001b8: SUB
000001b9: DELEGATECALL
000001ba: SWAP2
000001bb: POP
000001bc: POP
000001bd: SWAP1
000001be: POP
000001bf: SWAP3
000001c0: SWAP2
000001c1: POP
000001c2: POP
000001c3: JUMP
000001c4: STOP
000001c5: LOG1
000001c6: PUSH6 0x627a7a723058
000001cd: KECCAK256
000001ce: PUSH1 0x54
000001d0: CALLCODE
000001d1: UNKNOWN(0xE2)
000001d2: SWAP14
000001d3: DUP10
000001d4: UNKNOWN(0xEF)
000001d5: PUSH26 0x361f686273b06e8b91a28dbc9593ee5202848966a54799090029

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
critical upgradeability detector Untrusted DELEGATECALL target reachable 70 no no
view
trace_id: 0xe159edf9620458eeb101104cff2152a6aef159a8c8973abfd810b097dca1d6b0
call_targets: 0xa9a2514366e3d8b5f13e878d3befb13215c26006
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 13,
    "trace_id": "0xe159edf9620458eeb101104cff2152a6aef159a8c8973abfd810b097dca1d6b0",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xa9a2514366e3d8b5f13e878d3befb13215c26006"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xffffffff",
            "selector": "0xffffffff",
            "calldata_variants": [
                "0xffffffff",
                "0xffffffff0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6ea056a9",
            "selector": "0x6ea056a9",
            "calldata_variants": [
                "0x6ea056a9",
                "0x6ea056a90000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 441,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [],
    "delegatecall_count": 1,
    "untrusted_delegatecall_count": 1
}
high other detector Untrusted CALL target/value reachable 60 no no
view
trace_id: 0xd4c8f31a666315525033416af428dc115cc63d4822bf8b4edb404658b8d0f1db
call_targets: 0xee867944c0d98c66e2dde05e25c0e426e8137915
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xd4c8f31a666315525033416af428dc115cc63d4822bf8b4edb404658b8d0f1db",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xee867944c0d98c66e2dde05e25c0e426e8137915"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xffffffff",
            "selector": "0xffffffff",
            "calldata_variants": [
                "0xffffffff",
                "0xffffffff0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6ea056a9",
            "selector": "0x6ea056a9",
            "calldata_variants": [
                "0x6ea056a9",
                "0x6ea056a90000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 360,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 464,
            "opcode": "CALLCODE",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 2,
    "guards_detected": [],
    "untrusted_call_count": 2
}
high other detector ETH value transfer possible 55 no no
view
trace_id: 0xd4c8f31a666315525033416af428dc115cc63d4822bf8b4edb404658b8d0f1db
call_targets: 0xee867944c0d98c66e2dde05e25c0e426e8137915
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xd4c8f31a666315525033416af428dc115cc63d4822bf8b4edb404658b8d0f1db",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xee867944c0d98c66e2dde05e25c0e426e8137915"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xffffffff",
            "selector": "0xffffffff",
            "calldata_variants": [
                "0xffffffff",
                "0xffffffff0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6ea056a9",
            "selector": "0x6ea056a9",
            "calldata_variants": [
                "0x6ea056a9",
                "0x6ea056a90000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 360,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 464,
            "opcode": "CALLCODE",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 2,
    "guards_detected": []
}