TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b477e-b741-70fa-aea0-cac527a6c897

complete
Chain ID
1
Address
0x31cf9c7847c979313fe27eadfcc847a8a0252d86
Block Number
Created
Mon, Dec 22, 2025 7:17 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Verified
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
23239 artifact.fetch complete 1 / 3 3 months ago
23240 tool.cast_disasm complete 1 / 3 3 months ago
66386 analysis.bundle complete 1 / 3 2 weeks ago
66387 capability.graph complete 1 / 3 2 weeks ago
66388 detector.run complete 1 / 3 2 weeks ago
66389 validation.fork complete 1 / 3 2 weeks ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: yes

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
1
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
0
EXT*/BALANCE
0
Total opcodes
382
Flags
delegatecall_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x004c
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH29 0x0100000000000000000000000000000000000000000000000000000000
0000002e: SWAP1
0000002f: DIV
00000030: PUSH4 0xffffffff
00000035: AND
00000036: DUP1
00000037: PUSH4 0x2bc38f78
0000003c: EQ
0000003d: PUSH2 0x00bb
00000040: JUMPI
00000041: DUP1
00000042: PUSH4 0x5c60da1b
00000047: EQ
00000048: PUSH2 0x018a
0000004b: JUMPI
0000004c: JUMPDEST
0000004d: PUSH1 0x00
0000004f: PUSH2 0x0056
00000052: PUSH2 0x01e1
00000055: JUMP
00000056: JUMPDEST
00000057: SWAP1
00000058: POP
00000059: PUSH1 0x00
0000005b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000070: AND
00000071: DUP2
00000072: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000087: AND
00000088: EQ
00000089: ISZERO
0000008a: ISZERO
0000008b: ISZERO
0000008c: PUSH2 0x0094
0000008f: JUMPI
00000090: PUSH1 0x00
00000092: DUP1
00000093: REVERT
00000094: JUMPDEST
00000095: PUSH1 0x40
00000097: MLOAD
00000098: CALLDATASIZE
00000099: PUSH1 0x00
0000009b: DUP3
0000009c: CALLDATACOPY
0000009d: PUSH1 0x00
0000009f: DUP1
000000a0: CALLDATASIZE
000000a1: DUP4
000000a2: DUP6
000000a3: GAS
000000a4: DELEGATECALL
000000a5: RETURNDATASIZE
000000a6: DUP1
000000a7: PUSH1 0x00
000000a9: DUP5
000000aa: RETURNDATACOPY
000000ab: DUP2
000000ac: PUSH1 0x00
000000ae: DUP2
000000af: EQ
000000b0: PUSH2 0x00b7
000000b3: JUMPI
000000b4: DUP2
000000b5: DUP5
000000b6: RETURN
000000b7: JUMPDEST
000000b8: DUP2
000000b9: DUP5
000000ba: REVERT
000000bb: JUMPDEST
000000bc: CALLVALUE
000000bd: DUP1
000000be: ISZERO
000000bf: PUSH2 0x00c7
000000c2: JUMPI
000000c3: PUSH1 0x00
000000c5: DUP1
000000c6: REVERT
000000c7: JUMPDEST
000000c8: POP
000000c9: PUSH2 0x0188
000000cc: PUSH1 0x04
000000ce: DUP1
000000cf: CALLDATASIZE
000000d0: SUB
000000d1: DUP2
000000d2: ADD
000000d3: SWAP1
000000d4: DUP1
000000d5: DUP1
000000d6: CALLDATALOAD
000000d7: SWAP1
000000d8: PUSH1 0x20
000000da: ADD
000000db: SWAP1
000000dc: DUP3
000000dd: ADD
000000de: DUP1
000000df: CALLDATALOAD
000000e0: SWAP1
000000e1: PUSH1 0x20
000000e3: ADD
000000e4: SWAP1
000000e5: DUP1
000000e6: DUP1
000000e7: PUSH1 0x1f
000000e9: ADD
000000ea: PUSH1 0x20
000000ec: DUP1
000000ed: SWAP2
000000ee: DIV
000000ef: MUL
000000f0: PUSH1 0x20
000000f2: ADD
000000f3: PUSH1 0x40
000000f5: MLOAD
000000f6: SWAP1
000000f7: DUP2
000000f8: ADD
000000f9: PUSH1 0x40
000000fb: MSTORE
000000fc: DUP1
000000fd: SWAP4
000000fe: SWAP3
000000ff: SWAP2
00000100: SWAP1
00000101: DUP2
00000102: DUP2
00000103: MSTORE
00000104: PUSH1 0x20
00000106: ADD
00000107: DUP4
00000108: DUP4
00000109: DUP1
0000010a: DUP3
0000010b: DUP5
0000010c: CALLDATACOPY
0000010d: DUP3
0000010e: ADD
0000010f: SWAP2
00000110: POP
00000111: POP
00000112: POP
00000113: POP
00000114: POP
00000115: POP
00000116: SWAP2
00000117: SWAP3
00000118: SWAP2
00000119: SWAP3
0000011a: SWAP1
0000011b: DUP1
0000011c: CALLDATALOAD
0000011d: SWAP1
0000011e: PUSH1 0x20
00000120: ADD
00000121: SWAP1
00000122: DUP3
00000123: ADD
00000124: DUP1
00000125: CALLDATALOAD
00000126: SWAP1
00000127: PUSH1 0x20
00000129: ADD
0000012a: SWAP1
0000012b: DUP1
0000012c: DUP1
0000012d: PUSH1 0x1f
0000012f: ADD
00000130: PUSH1 0x20
00000132: DUP1
00000133: SWAP2
00000134: DIV
00000135: MUL
00000136: PUSH1 0x20
00000138: ADD
00000139: PUSH1 0x40
0000013b: MLOAD
0000013c: SWAP1
0000013d: DUP2
0000013e: ADD
0000013f: PUSH1 0x40
00000141: MSTORE
00000142: DUP1
00000143: SWAP4
00000144: SWAP3
00000145: SWAP2
00000146: SWAP1
00000147: DUP2
00000148: DUP2
00000149: MSTORE
0000014a: PUSH1 0x20
0000014c: ADD
0000014d: DUP4
0000014e: DUP4
0000014f: DUP1
00000150: DUP3
00000151: DUP5
00000152: CALLDATACOPY
00000153: DUP3
00000154: ADD
00000155: SWAP2
00000156: POP
00000157: POP
00000158: POP
00000159: POP
0000015a: POP
0000015b: POP
0000015c: SWAP2
0000015d: SWAP3
0000015e: SWAP2
0000015f: SWAP3
00000160: SWAP1
00000161: DUP1
00000162: CALLDATALOAD
00000163: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000178: AND
00000179: SWAP1
0000017a: PUSH1 0x20
0000017c: ADD
0000017d: SWAP1
0000017e: SWAP3
0000017f: SWAP2
00000180: SWAP1
00000181: POP
00000182: POP
00000183: POP
00000184: PUSH2 0x020b
00000187: JUMP
00000188: JUMPDEST
00000189: STOP
0000018a: JUMPDEST
0000018b: CALLVALUE
0000018c: DUP1
0000018d: ISZERO
0000018e: PUSH2 0x0196
00000191: JUMPI
00000192: PUSH1 0x00
00000194: DUP1
00000195: REVERT
00000196: JUMPDEST
00000197: POP
00000198: PUSH2 0x019f
0000019b: PUSH2 0x01e1
0000019e: JUMP
0000019f: JUMPDEST
000001a0: PUSH1 0x40
000001a2: MLOAD
000001a3: DUP1
000001a4: DUP3
000001a5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001ba: AND
000001bb: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001d0: AND
000001d1: DUP2
000001d2: MSTORE
000001d3: PUSH1 0x20
000001d5: ADD
000001d6: SWAP2
000001d7: POP
000001d8: POP
000001d9: PUSH1 0x40
000001db: MLOAD
000001dc: DUP1
000001dd: SWAP2
000001de: SUB
000001df: SWAP1
000001e0: RETURN
000001e1: JUMPDEST
000001e2: PUSH1 0x00
000001e4: PUSH1 0x01
000001e6: PUSH1 0x00
000001e8: SWAP1
000001e9: SLOAD
000001ea: SWAP1
000001eb: PUSH2 0x0100
000001ee: EXP
000001ef: SWAP1
000001f0: DIV
000001f1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000206: AND
00000207: SWAP1
00000208: POP
00000209: SWAP1
0000020a: JUMP
0000020b: JUMPDEST
0000020c: PUSH1 0x00
0000020e: DUP1
0000020f: SWAP1
00000210: SLOAD
00000211: SWAP1
00000212: PUSH2 0x0100
00000215: EXP
00000216: SWAP1
00000217: DIV
00000218: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000022d: AND
0000022e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000243: AND
00000244: CALLER
00000245: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000025a: AND
0000025b: EQ
0000025c: ISZERO
0000025d: ISZERO
0000025e: PUSH2 0x0266
00000261: JUMPI
00000262: PUSH1 0x00
00000264: DUP1
00000265: REVERT
00000266: JUMPDEST
00000267: PUSH1 0x00
00000269: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000027e: AND
0000027f: DUP2
00000280: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000295: AND
00000296: EQ
00000297: ISZERO
00000298: ISZERO
00000299: ISZERO
0000029a: PUSH2 0x02a2
0000029d: JUMPI
0000029e: PUSH1 0x00
000002a0: DUP1
000002a1: REVERT
000002a2: JUMPDEST
000002a3: DUP1
000002a4: PUSH1 0x01
000002a6: PUSH1 0x00
000002a8: PUSH2 0x0100
000002ab: EXP
000002ac: DUP2
000002ad: SLOAD
000002ae: DUP2
000002af: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002c4: MUL
000002c5: NOT
000002c6: AND
000002c7: SWAP1
000002c8: DUP4
000002c9: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002de: AND
000002df: MUL
000002e0: OR
000002e1: SWAP1
000002e2: SSTORE
000002e3: POP
000002e4: POP
000002e5: POP
000002e6: POP
000002e7: JUMP
000002e8: STOP
000002e9: LOG1
000002ea: PUSH6 0x627a7a723058
000002f1: KECCAK256
000002f2: UNKNOWN(0x26)
000002f3: PUSH15 0x2105873a82d4af9bbdbebef4389e82
00000303: DUP14
00000304: DUP8
00000305: UNKNOWN(0xA6)
00000306: TLOAD
00000307: UNKNOWN(0xFB)
00000308: SWAP1
00000309: SMOD
0000030a: SWAP1
0000030b: UNKNOWN(0xBC)
0000030c: UNKNOWN(0xDC)
0000030d: DUP13
0000030e: DUP13
0000030f: PUSH12

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high upgradeability detector Untrusted DELEGATECALL target reachable 55 no no
view
trace_id: 0xff4becb871ef8a0589de538b2454e2129f44d6aa1d1f13efe337859aed5df983
call_targets: 0x7b7f205679ae0419ccaa36ea2def09cfc2497c8d
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xff4becb871ef8a0589de538b2454e2129f44d6aa1d1f13efe337859aed5df983",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x7b7f205679ae0419ccaa36ea2def09cfc2497c8d"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xffffffff",
            "selector": "0xffffffff",
            "calldata_variants": [
                "0xffffffff",
                "0xffffffff0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x2bc38f78",
            "selector": "0x2bc38f78",
            "calldata_variants": [
                "0x2bc38f78",
                "0x2bc38f780000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x5c60da1b",
            "selector": "0x5c60da1b",
            "calldata_variants": [
                "0x5c60da1b",
                "0x5c60da1b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 164,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [
        {
            "pc": 580,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "delegatecall_count": 1,
    "untrusted_delegatecall_count": 1
}