Analysis Run

019b477e-b44b-729a-b325-042ec2175db7

complete

Chain ID

1

Address

0x86ed5b9a56b9f9ee7b399a68999c658384941ca1

Block Number

—

Created

Mon, Dec 22, 2025 7:17 PM

Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract

Confirmed

0

Validated

0

Source

Verified

Review Backing

Not yet

Best current signal

Authorization based on tx.origin

crit 0 high 0 direct contract

Review Checklist

1. Read the findings table first. Ignore raw jobs until the result looks real.

2. Confirm attacker control, not just the existence of a sink.

3. Confirm money or privilege impact.

4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts

ID	Type	Status	Attempts	Heartbeat
22701	artifact.fetch	complete	1 / 3	3 months ago
22702	tool.cast_disasm	complete	1 / 3	3 months ago
89537	analysis.bundle	complete	1 / 3	2 weeks ago
89538	capability.graph	complete	1 / 3	2 weeks ago
89539	detector.run	complete	1 / 3	2 weeks ago
89540	validation.fork	complete	1 / 3	2 weeks ago

Artifact

Runtime bytecode: available

Creation TX: —

Deployer: —

Proxy: no

Implementation:

—

Verified Source: yes

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm

Delegatecall

0

Selfdestruct

1

CREATE2

0

CALL-family (heavy)

2

EXT*/BALANCE

2

Total opcodes

240

Flags

selfdestruct_present

View cast disassembly output

00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x004b
0000000c: JUMPI
0000000d: PUSH4 0xffffffff
00000012: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
00000030: PUSH1 0x00
00000032: CALLDATALOAD
00000033: DIV
00000034: AND
00000035: PUSH4 0x893d20e8
0000003a: DUP2
0000003b: EQ
0000003c: PUSH2 0x0064
0000003f: JUMPI
00000040: DUP1
00000041: PUSH4 0xaad3ec96
00000046: EQ
00000047: PUSH2 0x0095
0000004a: JUMPI
0000004b: JUMPDEST
0000004c: PUSH1 0x00
0000004e: SLOAD
0000004f: PUSH1 0x01
00000051: PUSH1 0xa0
00000053: PUSH1 0x02
00000055: EXP
00000056: SUB
00000057: AND
00000058: CALLER
00000059: EQ
0000005a: PUSH2 0x0062
0000005d: JUMPI
0000005e: PUSH1 0x00
00000060: DUP1
00000061: REVERT
00000062: JUMPDEST
00000063: STOP
00000064: JUMPDEST
00000065: CALLVALUE
00000066: DUP1
00000067: ISZERO
00000068: PUSH2 0x0070
0000006b: JUMPI
0000006c: PUSH1 0x00
0000006e: DUP1
0000006f: REVERT
00000070: JUMPDEST
00000071: POP
00000072: PUSH2 0x0079
00000075: PUSH2 0x00b9
00000078: JUMP
00000079: JUMPDEST
0000007a: PUSH1 0x40
0000007c: DUP1
0000007d: MLOAD
0000007e: PUSH1 0x01
00000080: PUSH1 0xa0
00000082: PUSH1 0x02
00000084: EXP
00000085: SUB
00000086: SWAP1
00000087: SWAP3
00000088: AND
00000089: DUP3
0000008a: MSTORE
0000008b: MLOAD
0000008c: SWAP1
0000008d: DUP2
0000008e: SWAP1
0000008f: SUB
00000090: PUSH1 0x20
00000092: ADD
00000093: SWAP1
00000094: RETURN
00000095: JUMPDEST
00000096: CALLVALUE
00000097: DUP1
00000098: ISZERO
00000099: PUSH2 0x00a1
0000009c: JUMPI
0000009d: PUSH1 0x00
0000009f: DUP1
000000a0: REVERT
000000a1: JUMPDEST
000000a2: POP
000000a3: PUSH2 0x0062
000000a6: PUSH1 0x01
000000a8: PUSH1 0xa0
000000aa: PUSH1 0x02
000000ac: EXP
000000ad: SUB
000000ae: PUSH1 0x04
000000b0: CALLDATALOAD
000000b1: AND
000000b2: PUSH1 0x24
000000b4: CALLDATALOAD
000000b5: PUSH2 0x00c8
000000b8: JUMP
000000b9: JUMPDEST
000000ba: PUSH1 0x00
000000bc: SLOAD
000000bd: PUSH1 0x01
000000bf: PUSH1 0xa0
000000c1: PUSH1 0x02
000000c3: EXP
000000c4: SUB
000000c5: AND
000000c6: SWAP1
000000c7: JUMP
000000c8: JUMPDEST
000000c9: PUSH1 0x00
000000cb: SLOAD
000000cc: PUSH1 0x01
000000ce: PUSH1 0xa0
000000d0: PUSH1 0x02
000000d2: EXP
000000d3: SUB
000000d4: AND
000000d5: CALLER
000000d6: EQ
000000d7: PUSH2 0x00df
000000da: JUMPI
000000db: PUSH1 0x00
000000dd: DUP1
000000de: REVERT
000000df: JUMPDEST
000000e0: ADDRESS
000000e1: BALANCE
000000e2: DUP2
000000e3: GT
000000e4: ISZERO
000000e5: PUSH2 0x00ed
000000e8: JUMPI
000000e9: PUSH1 0x00
000000eb: DUP1
000000ec: REVERT
000000ed: JUMPDEST
000000ee: PUSH1 0x01
000000f0: PUSH1 0xa0
000000f2: PUSH1 0x02
000000f4: EXP
000000f5: SUB
000000f6: DUP3
000000f7: AND
000000f8: ISZERO
000000f9: ISZERO
000000fa: PUSH2 0x0102
000000fd: JUMPI
000000fe: PUSH1 0x00
00000100: DUP1
00000101: REVERT
00000102: JUMPDEST
00000103: PUSH1 0x40
00000105: MLOAD
00000106: PUSH1 0x01
00000108: PUSH1 0xa0
0000010a: PUSH1 0x02
0000010c: EXP
0000010d: SUB
0000010e: DUP4
0000010f: AND
00000110: SWAP1
00000111: DUP3
00000112: ISZERO
00000113: PUSH2 0x08fc
00000116: MUL
00000117: SWAP1
00000118: DUP4
00000119: SWAP1
0000011a: PUSH1 0x00
0000011c: DUP2
0000011d: DUP2
0000011e: DUP2
0000011f: DUP6
00000120: DUP9
00000121: DUP9
00000122: CALL
00000123: SWAP4
00000124: POP
00000125: POP
00000126: POP
00000127: POP
00000128: ISZERO
00000129: DUP1
0000012a: ISZERO
0000012b: PUSH2 0x0138
0000012e: JUMPI
0000012f: RETURNDATASIZE
00000130: PUSH1 0x00
00000132: DUP1
00000133: RETURNDATACOPY
00000134: RETURNDATASIZE
00000135: PUSH1 0x00
00000137: REVERT
00000138: JUMPDEST
00000139: POP
0000013a: POP
0000013b: POP
0000013c: JUMP
0000013d: STOP
0000013e: LOG1
0000013f: PUSH6 0x627a7a723058
00000146: KECCAK256
00000147: CALLDATALOAD
00000148: AND
00000149: PUSH2 0x7b9e
0000014c: SWAP16
0000014d: LOG2
0000014e: UNKNOWN(0xCB)
0000014f: UNKNOWN(0xA8)
00000150: SWAP7
00000151: CHAINID
00000152: UNKNOWN(0xE0)
00000153: EXTCODECOPY
00000154: UNKNOWN(0xD0)
00000155: BLOBHASH
00000156: DUP12
00000157: ADDRESS
00000158: RETURNDATACOPY
00000159: ORIGIN
0000015a: UNKNOWN(0xBF)
0000015b: NOT
0000015c: CALLDATASIZE
0000015d: CALLCODE
0000015e: UNKNOWN(0xBD)
0000015f: SWAP4
00000160: SELFDESTRUCT
00000161: DUP9
00000162: UNKNOWN(0xF6)
00000163: UNKNOWN(0xAA)
00000164: UNKNOWN(0x21)
00000165: UNKNOWN(0xC8)
00000166: ADD
00000167: STOP
00000168: UNKNOWN(0x29)

Findings

validated = confirmed for call sinks; sink observed for others

Severity	Category	Tool	Title	Confidence	Validated	Confirmed	Details
high	auth	detector	Authorization based on tx.origin	70	no	—	view validation_json { "reason": "missing sink mapping", "status": "no_sink" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x893d20e8", "selector": "0x893d20e8", "calldata_variants": [ "0x893d20e8", "0x893d20e80000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xaad3ec96", "selector": "0xaad3ec96", "calldata_variants": [ "0xaad3ec96", "0xaad3ec960000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "guards_detected": [ { "pc": 345, "type": "tx_origin_used" } ] }
medium	other	detector	Untrusted CALL target/value reachable	45	no	no	view trace_id: 0xdf383da1b096efef40abb8256cf050caf9e715970eb1a7d8a64206fe0caa8cac call_targets: 0x86ed5b9a56b9f9ee7b399a68999c658384941ca1 target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0xdf383da1b096efef40abb8256cf050caf9e715970eb1a7d8a64206fe0caa8cac", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0x86ed5b9a56b9f9ee7b399a68999c658384941ca1" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x893d20e8", "selector": "0x893d20e8", "calldata_variants": [ "0x893d20e8", "0x893d20e80000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xaad3ec96", "selector": "0xaad3ec96", "calldata_variants": [ "0xaad3ec96", "0xaad3ec960000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "examples": [ { "pc": 290, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" }, { "pc": 349, "opcode": "CALLCODE", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "call_count": 2, "guards_detected": [ { "pc": 345, "type": "tx_origin_used" } ], "untrusted_call_count": 2 }
medium	other	detector	ETH value transfer possible	40	no	no	view trace_id: 0xdf383da1b096efef40abb8256cf050caf9e715970eb1a7d8a64206fe0caa8cac call_targets: 0x86ed5b9a56b9f9ee7b399a68999c658384941ca1 target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0xdf383da1b096efef40abb8256cf050caf9e715970eb1a7d8a64206fe0caa8cac", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0x86ed5b9a56b9f9ee7b399a68999c658384941ca1" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x893d20e8", "selector": "0x893d20e8", "calldata_variants": [ "0x893d20e8", "0x893d20e80000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xaad3ec96", "selector": "0xaad3ec96", "calldata_variants": [ "0xaad3ec96", "0xaad3ec960000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "examples": [ { "pc": 290, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" }, { "pc": 349, "opcode": "CALLCODE", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "eth_value_calls": 2, "guards_detected": [ { "pc": 345, "type": "tx_origin_used" } ] }
medium	other	detector	SELFDESTRUCT reachable	45	no	no	view trace_id: 0x9dcd4759def6499823c744e3117e475b5cfb657357edfe0611e33908111088c8 validation_json { "sink": "SELFDESTRUCT", "errors": 0, "status": "unknown", "attempts": 4, "trace_id": "0x9dcd4759def6499823c744e3117e475b5cfb657357edfe0611e33908111088c8", "confirmed": false, "trace_mode": "structLogs", "call_targets": null, "matched_probe": null, "target_varies": null, "classification": "no_sink" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x893d20e8", "selector": "0x893d20e8", "calldata_variants": [ "0x893d20e8", "0x893d20e80000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xaad3ec96", "selector": "0xaad3ec96", "calldata_variants": [ "0xaad3ec96", "0xaad3ec960000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "guards_detected": [ { "pc": 345, "type": "tx_origin_used" } ], "selfdestruct_count": 1 }