Analysis Run

019b477e-b460-71b2-bdb0-fa70ab38d4fd

complete

Chain ID

1

Address

0xc8f1834b672461d97b896310eb52271d1c2f6640

Block Number

—

Created

Mon, Dec 22, 2025 7:17 PM

Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract

Confirmed

0

Validated

0

Source

Bytecode only

Review Backing

Not yet

Best current signal

Untrusted CALL target/value reachable

crit 0 high 0 direct contract

Review Checklist

1. Read the findings table first. Ignore raw jobs until the result looks real.

2. Confirm attacker control, not just the existence of a sink.

3. Confirm money or privilege impact.

4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts

ID	Type	Status	Attempts	Heartbeat
22719	artifact.fetch	complete	1 / 3	4 months ago
22720	tool.cast_disasm	complete	1 / 3	4 months ago
89513	analysis.bundle	complete	1 / 3	2 weeks ago
89514	capability.graph	complete	1 / 3	2 weeks ago
89515	detector.run	complete	1 / 3	2 weeks ago
89516	validation.fork	complete	1 / 3	2 weeks ago

Artifact

Runtime bytecode: available

Creation TX: —

Deployer: —

Proxy: no

Implementation:

—

Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm

Delegatecall

0

Selfdestruct

0

CREATE2

0

CALL-family (heavy)

1

EXT*/BALANCE

1

Total opcodes

347

Flags

No heuristic flags raised.

View cast disassembly output

00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x004c
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
0000002e: SWAP1
0000002f: DIV
00000030: PUSH4 0xffffffff
00000035: AND
00000036: DUP1
00000037: PUSH4 0xb5c5f672
0000003c: EQ
0000003d: PUSH2 0x0051
00000040: JUMPI
00000041: DUP1
00000042: PUSH4 0xedca914c
00000047: EQ
00000048: PUSH2 0x00a8
0000004b: JUMPI
0000004c: JUMPDEST
0000004d: PUSH1 0x00
0000004f: DUP1
00000050: REVERT
00000051: JUMPDEST
00000052: CALLVALUE
00000053: DUP1
00000054: ISZERO
00000055: PUSH2 0x005d
00000058: JUMPI
00000059: PUSH1 0x00
0000005b: DUP1
0000005c: REVERT
0000005d: JUMPDEST
0000005e: POP
0000005f: PUSH2 0x00a6
00000062: PUSH1 0x04
00000064: DUP1
00000065: CALLDATASIZE
00000066: SUB
00000067: DUP2
00000068: ADD
00000069: SWAP1
0000006a: DUP1
0000006b: DUP1
0000006c: CALLDATALOAD
0000006d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000082: AND
00000083: SWAP1
00000084: PUSH1 0x20
00000086: ADD
00000087: SWAP1
00000088: SWAP3
00000089: SWAP2
0000008a: SWAP1
0000008b: DUP1
0000008c: CALLDATALOAD
0000008d: SWAP1
0000008e: PUSH1 0x20
00000090: ADD
00000091: SWAP1
00000092: SWAP3
00000093: SWAP2
00000094: SWAP1
00000095: DUP1
00000096: CALLDATALOAD
00000097: SWAP1
00000098: PUSH1 0x20
0000009a: ADD
0000009b: SWAP1
0000009c: SWAP3
0000009d: SWAP2
0000009e: SWAP1
0000009f: POP
000000a0: POP
000000a1: POP
000000a2: PUSH2 0x00b2
000000a5: JUMP
000000a6: JUMPDEST
000000a7: STOP
000000a8: JUMPDEST
000000a9: PUSH2 0x00b0
000000ac: PUSH2 0x0207
000000af: JUMP
000000b0: JUMPDEST
000000b1: STOP
000000b2: JUMPDEST
000000b3: PUSH1 0x00
000000b5: DUP1
000000b6: SWAP1
000000b7: SLOAD
000000b8: SWAP1
000000b9: PUSH2 0x0100
000000bc: EXP
000000bd: SWAP1
000000be: DIV
000000bf: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000d4: AND
000000d5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000ea: AND
000000eb: CALLER
000000ec: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000101: AND
00000102: EQ
00000103: ISZERO
00000104: ISZERO
00000105: PUSH2 0x0176
00000108: JUMPI
00000109: PUSH1 0x40
0000010b: MLOAD
0000010c: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
0000012d: DUP2
0000012e: MSTORE
0000012f: PUSH1 0x04
00000131: ADD
00000132: DUP1
00000133: DUP1
00000134: PUSH1 0x20
00000136: ADD
00000137: DUP3
00000138: DUP2
00000139: SUB
0000013a: DUP3
0000013b: MSTORE
0000013c: PUSH1 0x0e
0000013e: DUP2
0000013f: MSTORE
00000140: PUSH1 0x20
00000142: ADD
00000143: DUP1
00000144: PUSH32 0x6f6e6c7920666f722061646d696e000000000000000000000000000000000000
00000165: DUP2
00000166: MSTORE
00000167: POP
00000168: PUSH1 0x20
0000016a: ADD
0000016b: SWAP2
0000016c: POP
0000016d: POP
0000016e: PUSH1 0x40
00000170: MLOAD
00000171: DUP1
00000172: SWAP2
00000173: SUB
00000174: SWAP1
00000175: REVERT
00000176: JUMPDEST
00000177: DUP3
00000178: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000018d: AND
0000018e: PUSH2 0x08fc
00000191: DUP4
00000192: SWAP1
00000193: DUP2
00000194: ISZERO
00000195: MUL
00000196: SWAP1
00000197: PUSH1 0x40
00000199: MLOAD
0000019a: PUSH1 0x00
0000019c: PUSH1 0x40
0000019e: MLOAD
0000019f: DUP1
000001a0: DUP4
000001a1: SUB
000001a2: DUP2
000001a3: DUP6
000001a4: DUP9
000001a5: DUP9
000001a6: CALL
000001a7: SWAP4
000001a8: POP
000001a9: POP
000001aa: POP
000001ab: POP
000001ac: ISZERO
000001ad: DUP1
000001ae: ISZERO
000001af: PUSH2 0x01bc
000001b2: JUMPI
000001b3: RETURNDATASIZE
000001b4: PUSH1 0x00
000001b6: DUP1
000001b7: RETURNDATACOPY
000001b8: RETURNDATASIZE
000001b9: PUSH1 0x00
000001bb: REVERT
000001bc: JUMPDEST
000001bd: POP
000001be: DUP1
000001bf: DUP3
000001c0: DUP5
000001c1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001d6: AND
000001d7: PUSH32 0xf279e6a1f5e320cca91135676d9cb6e44ca8a08c0b88342bcdb1144f6511b568
000001f8: PUSH1 0x40
000001fa: MLOAD
000001fb: PUSH1 0x40
000001fd: MLOAD
000001fe: DUP1
000001ff: SWAP2
00000200: SUB
00000201: SWAP1
00000202: LOG4
00000203: POP
00000204: POP
00000205: POP
00000206: JUMP
00000207: JUMPDEST
00000208: PUSH1 0x00
0000020a: DUP1
0000020b: CALLER
0000020c: SWAP2
0000020d: POP
0000020e: DUP2
0000020f: EXTCODESIZE
00000210: SWAP1
00000211: POP
00000212: PUSH1 0x00
00000214: DUP2
00000215: EQ
00000216: ISZERO
00000217: ISZERO
00000218: PUSH2 0x0289
0000021b: JUMPI
0000021c: PUSH1 0x40
0000021e: MLOAD
0000021f: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
00000240: DUP2
00000241: MSTORE
00000242: PUSH1 0x04
00000244: ADD
00000245: DUP1
00000246: DUP1
00000247: PUSH1 0x20
00000249: ADD
0000024a: DUP3
0000024b: DUP2
0000024c: SUB
0000024d: DUP3
0000024e: MSTORE
0000024f: PUSH1 0x11
00000251: DUP2
00000252: MSTORE
00000253: PUSH1 0x20
00000255: ADD
00000256: DUP1
00000257: PUSH32 0x736f7272792068756d616e73206f6e6c79000000000000000000000000000000
00000278: DUP2
00000279: MSTORE
0000027a: POP
0000027b: PUSH1 0x20
0000027d: ADD
0000027e: SWAP2
0000027f: POP
00000280: POP
00000281: PUSH1 0x40
00000283: MLOAD
00000284: DUP1
00000285: SWAP2
00000286: SUB
00000287: SWAP1
00000288: REVERT
00000289: JUMPDEST
0000028a: CALLVALUE
0000028b: PUSH8 0x0de0b6b3a7640000
00000294: DUP2
00000295: EQ
00000296: ISZERO
00000297: ISZERO
00000298: PUSH2 0x0309
0000029b: JUMPI
0000029c: PUSH1 0x40
0000029e: MLOAD
0000029f: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
000002c0: DUP2
000002c1: MSTORE
000002c2: PUSH1 0x04
000002c4: ADD
000002c5: DUP1
000002c6: DUP1
000002c7: PUSH1 0x20
000002c9: ADD
000002ca: DUP3
000002cb: DUP2
000002cc: SUB
000002cd: DUP3
000002ce: MSTORE
000002cf: PUSH1 0x1a
000002d1: DUP2
000002d2: MSTORE
000002d3: PUSH1 0x20
000002d5: ADD
000002d6: DUP1
000002d7: PUSH32 0x706c6561736520757365207269676874206275792076616c7565000000000000
000002f8: DUP2
000002f9: MSTORE
000002fa: POP
000002fb: PUSH1 0x20
000002fd: ADD
000002fe: SWAP2
000002ff: POP
00000300: POP
00000301: PUSH1 0x40
00000303: MLOAD
00000304: DUP1
00000305: SWAP2
00000306: SUB
00000307: SWAP1
00000308: REVERT
00000309: JUMPDEST
0000030a: CALLER
0000030b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000320: AND
00000321: PUSH32 0x4b83618135e55b0c4ac28ec8f2bfb79253ebc684f4cd2dc84b52799f9ba116e1
00000342: PUSH1 0x40
00000344: MLOAD
00000345: PUSH1 0x40
00000347: MLOAD
00000348: DUP1
00000349: SWAP2
0000034a: SUB
0000034b: SWAP1
0000034c: LOG2
0000034d: POP
0000034e: POP
0000034f: POP
00000350: JUMP
00000351: STOP
00000352: LOG1
00000353: PUSH6 0x627a7a723058
0000035a: KECCAK256
0000035b: INVALID
0000035c: SWAP16
0000035d: UNKNOWN(0xFB)
0000035e: SIGNEXTEND
0000035f: UNKNOWN(0x2D)
00000360: PUSH16 0x5ff0c18975265f2aa30d9c4a887ee2d0
00000371: MCOPY
00000372: UNKNOWN(0xB8)
00000373: PUSH8 0xf0862566bbbebd00
0000037c: UNKNOWN(0x29)

Findings

validated = confirmed for call sinks; sink observed for others

Severity	Category	Tool	Title	Confidence	Validated	Confirmed	Details
medium	other	detector	Untrusted CALL target/value reachable	45	no	no	view trace_id: 0xaa4dcfffdafc351494453a4225936e643bc2b902fcfb5a0f35b014fc116039f3 call_targets: 0xc8f1834b672461d97b896310eb52271d1c2f6640 target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0xaa4dcfffdafc351494453a4225936e643bc2b902fcfb5a0f35b014fc116039f3", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0xc8f1834b672461d97b896310eb52271d1c2f6640" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0xffffffff", "selector": "0xffffffff", "calldata_variants": [ "0xffffffff", "0xffffffff0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xb5c5f672", "selector": "0xb5c5f672", "calldata_variants": [ "0xb5c5f672", "0xb5c5f6720000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xedca914c", "selector": "0xedca914c", "calldata_variants": [ "0xedca914c", "0xedca914c0000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "examples": [ { "pc": 422, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "call_count": 1, "guards_detected": [ { "pc": 235, "type": "msg_sender_eq_const", "value": "0xffffffffffffffffffffffffffffffffffffffff" } ], "untrusted_call_count": 1 }
medium	other	detector	ETH value transfer possible	40	no	no	view trace_id: 0xaa4dcfffdafc351494453a4225936e643bc2b902fcfb5a0f35b014fc116039f3 call_targets: 0xc8f1834b672461d97b896310eb52271d1c2f6640 target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0xaa4dcfffdafc351494453a4225936e643bc2b902fcfb5a0f35b014fc116039f3", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0xc8f1834b672461d97b896310eb52271d1c2f6640" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0xffffffff", "selector": "0xffffffff", "calldata_variants": [ "0xffffffff", "0xffffffff0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xb5c5f672", "selector": "0xb5c5f672", "calldata_variants": [ "0xb5c5f672", "0xb5c5f6720000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xedca914c", "selector": "0xedca914c", "calldata_variants": [ "0xedca914c", "0xedca914c0000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "examples": [ { "pc": 422, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "eth_value_calls": 1, "guards_detected": [ { "pc": 235, "type": "msg_sender_eq_const", "value": "0xffffffffffffffffffffffffffffffffffffffff" } ] }

Severity

Category

Tool

Title

Confidence

Validated

Confirmed

Details

medium

other

detector

Untrusted CALL target/value reachable

45

no

view

trace_id: 0xaa4dcfffdafc351494453a4225936e643bc2b902fcfb5a0f35b014fc116039f3

call_targets: 0xc8f1834b672461d97b896310eb52271d1c2f6640

target_varies: no

classification: constant_target

validation_json

{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xaa4dcfffdafc351494453a4225936e643bc2b902fcfb5a0f35b014fc116039f3",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xc8f1834b672461d97b896310eb52271d1c2f6640"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}

witness_json

{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xffffffff",
            "selector": "0xffffffff",
            "calldata_variants": [
                "0xffffffff",
                "0xffffffff0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xb5c5f672",
            "selector": "0xb5c5f672",
            "calldata_variants": [
                "0xb5c5f672",
                "0xb5c5f6720000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xedca914c",
            "selector": "0xedca914c",
            "calldata_variants": [
                "0xedca914c",
                "0xedca914c0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}

evidence_json

{
    "examples": [
        {
            "pc": 422,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 1,
    "guards_detected": [
        {
            "pc": 235,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "untrusted_call_count": 1
}