019b477e-b636-7307-8e80-e97430301667
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 23079 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 23080 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 66742 | analysis.bundle | complete | 1 / 3 | 2 weeks ago |
| 66743 | capability.graph | complete | 1 / 3 | 2 weeks ago |
| 66744 | detector.run | complete | 1 / 3 | 2 weeks ago |
| 66745 | validation.fork | complete | 1 / 3 | 2 weeks ago |
No slither job recorded yet.
No codex job recorded yet.
// Runtime bytecode of a minimal delegating proxy, one instruction per line.
// Layout: free-memory-pointer setup and selector dispatch (0x00-0x1d), a
// fallback that DELEGATECALLs to the address held in storage slot 0
// (0x1e-0x5c), one locally handled function with selector 0x7de7edef
// (0x5d-0xfa), then non-executable data (0x1fc onward).
// NOTE(review): 0x7de7edef matches the 4-byte selector of
// changeMasterCopy(address); confirm against the verified source or ABI.

// --- Entry: set the free memory pointer (mem[0x40] = 0x80) ---
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
// Calldata shorter than 4 bytes carries no selector: go to the fallback at 0x1e.
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x001e
0000000c: JUMPI
// selector = calldata[0:32] >> 0xe0; only 0x7de7edef is handled locally (at 0x5d).
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH1 0xe0
00000012: SHR
00000013: DUP1
00000014: PUSH4 0x7de7edef
00000019: EQ
0000001a: PUSH2 0x005d
0000001d: JUMPI
// --- Fallback: forward every other call to the implementation ---
// target = SLOAD(0) & (2^160 - 1). The target is read from storage and is not
// taken from calldata; the only SSTORE in this bytecode is the one at 0x1f7.
0000001e: JUMPDEST
0000001f: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000034: PUSH1 0x00
00000036: SLOAD
00000037: AND
// Copy the full calldata to memory offset 0.
00000038: CALLDATASIZE
00000039: PUSH1 0x00
0000003b: DUP1
0000003c: CALLDATACOPY
// DELEGATECALL(gas, target, in=0, insize=CALLDATASIZE, out=0, outsize=0).
// pc 0x45 (decimal 69) is the sink named in the detector evidence.
0000003d: PUSH1 0x00
0000003f: DUP1
00000040: CALLDATASIZE
00000041: PUSH1 0x00
00000043: DUP5
00000044: GAS
00000045: DELEGATECALL
// Copy all return data to memory offset 0.
00000046: RETURNDATASIZE
00000047: PUSH1 0x00
00000049: DUP1
0000004a: RETURNDATACOPY
// The success flag is checked: 0 -> REVERT with the return data,
// non-zero -> jump to 0x58 and RETURN it.
0000004b: PUSH1 0x00
0000004d: DUP2
0000004e: EQ
0000004f: ISZERO
00000050: PUSH2 0x0058
00000053: JUMPI
00000054: RETURNDATASIZE
00000055: PUSH1 0x00
00000057: REVERT
00000058: JUMPDEST
00000059: RETURNDATASIZE
0000005a: PUSH1 0x00
0000005c: RETURN
// --- Function 0x7de7edef: external wrapper ---
// Reverts if any value is sent with the call.
0000005d: JUMPDEST
0000005e: CALLVALUE
0000005f: DUP1
00000060: ISZERO
00000061: PUSH2 0x0069
00000064: JUMPI
00000065: PUSH1 0x00
00000067: DUP1
00000068: REVERT
00000069: JUMPDEST
0000006a: POP
// Push the return label 0xac, then require at least 0x20 bytes of arguments
// after the selector.
0000006b: PUSH2 0x00ac
0000006e: PUSH1 0x04
00000070: DUP1
00000071: CALLDATASIZE
00000072: SUB
00000073: PUSH1 0x20
00000075: DUP2
00000076: LT
00000077: ISZERO
00000078: PUSH2 0x0080
0000007b: JUMPI
0000007c: PUSH1 0x00
0000007e: DUP1
0000007f: REVERT
// Load the single argument and mask it to 160 bits (an address).
00000080: JUMPDEST
00000081: DUP2
00000082: ADD
00000083: SWAP1
00000084: DUP1
00000085: DUP1
00000086: CALLDATALOAD
00000087: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000009c: AND
0000009d: SWAP1
0000009e: PUSH1 0x20
000000a0: ADD
000000a1: SWAP1
000000a2: SWAP3
000000a3: SWAP2
000000a4: SWAP1
000000a5: POP
000000a6: POP
000000a7: POP
000000a8: PUSH2 0x00ae
000000ab: JUMP
// Return point of the function body: no return value.
000000ac: JUMPDEST
000000ad: STOP
// --- Function 0x7de7edef: body ---
// Access check: (ADDRESS & mask) == (CALLER & mask), i.e. the caller must be
// this contract itself. The 0xff..ff constant is the 160-bit address mask,
// not a value the caller is compared against, so the "msg_sender_eq_const"
// guard reported at pc 198 (0xc6) is a self-call check.
000000ae: JUMPDEST
000000af: ADDRESS
000000b0: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000c5: AND
000000c6: CALLER
000000c7: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000dc: AND
000000dd: EQ
000000de: PUSH2 0x0132
000000e1: JUMPI
// Check failed: revert with Error(string) (selector 0x08c379a0); the message
// is 0x2c bytes copied from code offset 0x0220.
000000e2: PUSH1 0x40
000000e4: MLOAD
000000e5: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
00000106: DUP2
00000107: MSTORE
00000108: PUSH1 0x04
0000010a: ADD
0000010b: DUP1
0000010c: DUP1
0000010d: PUSH1 0x20
0000010f: ADD
00000110: DUP3
00000111: DUP2
00000112: SUB
00000113: DUP3
00000114: MSTORE
00000115: PUSH1 0x2c
00000117: DUP2
00000118: MSTORE
00000119: PUSH1 0x20
0000011b: ADD
0000011c: DUP1
0000011d: PUSH2 0x0220
00000120: PUSH1 0x2c
00000122: SWAP2
00000123: CODECOPY
00000124: PUSH1 0x40
00000126: ADD
00000127: SWAP2
00000128: POP
00000129: POP
0000012a: PUSH1 0x40
0000012c: MLOAD
0000012d: DUP1
0000012e: SWAP2
0000012f: SUB
00000130: SWAP1
00000131: REVERT
// Argument check: the new address must not be zero.
00000132: JUMPDEST
00000133: PUSH1 0x00
00000135: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000014a: AND
0000014b: DUP2
0000014c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000161: AND
00000162: EQ
00000163: ISZERO
00000164: PUSH2 0x01b8
00000167: JUMPI
// Zero address: revert with Error(string); the message is 0x24 bytes copied
// from code offset 0x01fc.
00000168: PUSH1 0x40
0000016a: MLOAD
0000016b: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
0000018c: DUP2
0000018d: MSTORE
0000018e: PUSH1 0x04
00000190: ADD
00000191: DUP1
00000192: DUP1
00000193: PUSH1 0x20
00000195: ADD
00000196: DUP3
00000197: DUP2
00000198: SUB
00000199: DUP3
0000019a: MSTORE
0000019b: PUSH1 0x24
0000019d: DUP2
0000019e: MSTORE
0000019f: PUSH1 0x20
000001a1: ADD
000001a2: DUP1
000001a3: PUSH2 0x01fc
000001a6: PUSH1 0x24
000001a8: SWAP2
000001a9: CODECOPY
000001aa: PUSH1 0x40
000001ac: ADD
000001ad: SWAP2
000001ae: POP
000001af: POP
000001b0: PUSH1 0x40
000001b2: MLOAD
000001b3: DUP1
000001b4: SWAP2
000001b5: SUB
000001b6: SWAP1
000001b7: REVERT
// Write the argument into the low 160 bits of storage slot 0, keeping the
// upper bits. This is the slot the fallback reads its DELEGATECALL target from.
000001b8: JUMPDEST
000001b9: DUP1
000001ba: PUSH1 0x00
000001bc: DUP1
000001bd: PUSH2 0x0100
000001c0: EXP
000001c1: DUP2
000001c2: SLOAD
000001c3: DUP2
000001c4: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001d9: MUL
000001da: NOT
000001db: AND
000001dc: SWAP1
000001dd: DUP4
000001de: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001f3: AND
000001f4: MUL
000001f5: OR
000001f6: SWAP1
000001f7: SSTORE
000001f8: POP
000001f9: POP
000001fa: JUMP
// --- End of executable code ---
// Everything from 0x1fc on is data that the disassembler has decoded as if it
// were instructions; no jump in the code above targets this region, and the
// two CODECOPY calls read it as bytes.
000001fb: INVALID
// 0x1fc-0x21f (0x24 bytes), ASCII: "Invalid master copy address provided".
// 0x220-0x24b (0x2c bytes), ASCII: "Method can only be called from this contract".
// The mnemonics shown (BLOBHASH = 0x49 'I', PUSH15 = 0x6e 'n', ...) are
// string bytes.
000001fc: BLOBHASH
000001fd: PUSH15 0x76616c6964206d617374657220636f
0000020d: PUSH17 0x7920616464726573732070726f76696465
0000021f: PUSH5 0x4d6574686f
00000225: PUSH5 0x2063616e20
0000022b: PUSH16 0x6e6c792062652063616c6c6564206672
0000023c: PUSH16 0x6d207468697320636f6e7472616374a2
// From the trailing 0xa2 at 0x24c: compiler metadata in CBOR, a "bzzr0" key
// followed by a 32-byte hash (0x255-0x274).
0000024d: PUSH6 0x627a7a723058
00000254: KECCAK256
00000255: GAS
00000256: CALLDATACOPY
00000257: MUL
00000258: SWAP14
00000259: UNKNOWN(0x26)
0000025a: SWAP13
0000025b: UNKNOWN(0xFB)
0000025c: UNKNOWN(0x27)
0000025d: MSTORE8
0000025e: CALLER
0000025f: LOG2
00000260: UNKNOWN(0xA5)
00000261: CALLDATACOPY
00000262: LT
00000263: UNKNOWN(0xDE)
00000264: UNKNOWN(0xBD)
00000265: DUP6
00000266: CALLDATASIZE
00000267: EXP
00000268: CALLDATACOPY
00000269: SWAP11
0000026a: DUP2
0000026b: SLT
0000026c: LOG4
0000026d: UNKNOWN(0xE4)
0000026e: SLOAD
0000026f: CHAINID
00000270: UNKNOWN(0xD9)
00000271: SWAP14
00000272: SLT
00000273: DUP4
00000274: UNKNOWN(0xC1)
// "solc" key with version bytes 00 05 0a, then the two-byte metadata length
// 00 32. The final byte 0x32 is what is decoded as ORIGIN at 0x27f (decimal
// 639), so the "tx_origin_used" guard reported at pc 639 points at metadata,
// not at an executed tx.origin read.
00000275: PUSH5 0x736f6c6343
0000027b: STOP
0000027c: SDIV
0000027d: EXP
0000027e: STOP
0000027f: ORIGIN
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| high | upgradeability | detector | Untrusted DELEGATECALL target reachable | 55 | no | no |
trace_id: 0x423c6ab9d81088ba73942b57dabac344d90c7084f46df1a4955e2700a585b695
validation_json{
"sink": "DELEGATECALL",
"errors": 0,
"status": "unknown",
"attempts": 12,
"trace_id": "0x423c6ab9d81088ba73942b57dabac344d90c7084f46df1a4955e2700a585b695",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": null,
"matched_probe": null,
"target_varies": null,
"classification": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x7de7edef",
"selector": "0x7de7edef",
"calldata_variants": [
"0x7de7edef",
"0x7de7edef0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 69,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
}
],
"guards_detected": [
{
"pc": 198,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 639,
"type": "tx_origin_used"
}
],
"delegatecall_count": 1,
"untrusted_delegatecall_count": 1
}
|
| high | auth | detector | Authorization based on tx.origin | 70 | no | — |
validation_json{
"reason": "missing sink mapping",
"status": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x7de7edef",
"selector": "0x7de7edef",
"calldata_variants": [
"0x7de7edef",
"0x7de7edef0000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"guards_detected": [
{
"pc": 198,
"type": "msg_sender_eq_const",
"value": "0xffffffffffffffffffffffffffffffffffffffff"
},
{
"pc": 639,
"type": "tx_origin_used"
}
]
}
|