TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b477e-bcee-713c-b173-f2e14ea03638

complete
Chain ID
1
Address
0x45838712af1aac4ae5113dc282a3759bd2201ba9
Block Number
Created
Mon, Dec 22, 2025 7:17 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
24153 artifact.fetch complete 1 / 3 3 months ago
24154 tool.cast_disasm complete 1 / 3 3 months ago
67478 analysis.bundle complete 1 / 3 2 weeks ago
67479 capability.graph complete 1 / 3 2 weeks ago
67480 detector.run complete 1 / 3 2 weeks ago
67481 validation.fork complete 1 / 3 2 weeks ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
2
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
0
EXT*/BALANCE
0
Total opcodes
121
Flags
delegatecall_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: PUSH1 0x58
00000008: JUMPI
00000009: PUSH1 0x40
0000000b: MLOAD
0000000c: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
0000002d: DUP2
0000002e: MSTORE
0000002f: PUSH1 0x04
00000031: ADD
00000032: DUP1
00000033: DUP1
00000034: PUSH1 0x20
00000036: ADD
00000037: DUP3
00000038: DUP2
00000039: SUB
0000003a: DUP3
0000003b: MSTORE
0000003c: PUSH1 0x29
0000003e: DUP2
0000003f: MSTORE
00000040: PUSH1 0x20
00000042: ADD
00000043: DUP1
00000044: PUSH1 0x81
00000046: PUSH1 0x29
00000048: SWAP2
00000049: CODECOPY
0000004a: PUSH1 0x40
0000004c: ADD
0000004d: SWAP2
0000004e: POP
0000004f: POP
00000050: PUSH1 0x40
00000052: MLOAD
00000053: DUP1
00000054: SWAP2
00000055: SUB
00000056: SWAP1
00000057: REVERT
00000058: JUMPDEST
00000059: PUSH1 0x00
0000005b: SLOAD
0000005c: CALLDATASIZE
0000005d: PUSH1 0x00
0000005f: DUP1
00000060: CALLDATACOPY
00000061: PUSH1 0x00
00000063: DUP1
00000064: CALLDATASIZE
00000065: PUSH1 0x00
00000067: DUP5
00000068: GAS
00000069: DELEGATECALL
0000006a: RETURNDATASIZE
0000006b: PUSH1 0x00
0000006d: DUP1
0000006e: RETURNDATACOPY
0000006f: DUP1
00000070: PUSH1 0x00
00000072: DUP2
00000073: EQ
00000074: PUSH1 0x7b
00000076: JUMPI
00000077: RETURNDATASIZE
00000078: PUSH1 0x00
0000007a: RETURN
0000007b: JUMPDEST
0000007c: RETURNDATASIZE
0000007d: PUSH1 0x00
0000007f: REVERT
00000080: INVALID
00000081: GAS
00000082: PUSH16 0x726155534443466f7277617264657250
00000093: PUSH19 0x6f78793a2063616e6e6f742061636365707420
000000a7: GASLIMIT
000000a8: SLOAD
000000a9: BASEFEE
000000aa: LOG2
000000ab: PUSH5 0x6970667358
000000b1: UNKNOWN(0x22)
000000b2: SLT
000000b3: KECCAK256
000000b4: LOG0
000000b5: UNKNOWN(0x21)
000000b6: UNKNOWN(0xAE)
000000b7: UNKNOWN(0xD4)
000000b8: SWAP7
000000b9: ORIGIN
000000ba: ADDRESS
000000bb: UNKNOWN(0xDE)
000000bc: UNKNOWN(0xE1)
000000bd: DUP10
000000be: UNKNOWN(0x21)
000000bf: DIFFICULTY
000000c0: DUP2
000000c1: UNKNOWN(0xAB)
000000c2: UNKNOWN(0x22)
000000c3: UNKNOWN(0xAF)
000000c4: DUP2
000000c5: PUSH4 0xefe1428a
000000ca: UNKNOWN(0x2A)
000000cb: UNKNOWN(0xE8)
000000cc: UNKNOWN(0x1F)
000000cd: TIMESTAMP
000000ce: DELEGATECALL
000000cf: SWAP1
000000d0: UNKNOWN(0xC6)
000000d1: ADDRESS
000000d2: UNKNOWN(0xE5)
000000d3: GASLIMIT
000000d4: PUSH5 0x736f6c6343
000000da: STOP
000000db: MOD
000000dc: ADDMOD
000000dd: STOP
000000de: CALLER

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high upgradeability detector Untrusted DELEGATECALL target reachable 55 no no
view
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 10,
    "status": "unknown",
    "attempts": 11,
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x",
            "selector": "fallback",
            "calldata_variants": [
                "0x"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 105,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        },
        {
            "pc": 206,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [
        {
            "pc": 185,
            "type": "tx_origin_used"
        }
    ],
    "delegatecall_count": 2,
    "untrusted_delegatecall_count": 2
}
high auth detector Authorization based on tx.origin 70 no
view
validation_json 
{
    "reason": "missing sink mapping",
    "status": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x",
            "selector": "fallback",
            "calldata_variants": [
                "0x"
            ]
        }
    ]
}
evidence_json 
{
    "guards_detected": [
        {
            "pc": 185,
            "type": "tx_origin_used"
        }
    ]
}