Analysis Run

019b477e-be43-73ba-8192-99bf356559c9

complete

Chain ID

1

Address

0x230731528a32a11122426e7688e8d9050a484a77

Block Number

—

Created

Mon, Dec 22, 2025 7:17 PM

Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract

Confirmed

0

Validated

0

Source

Verified

Review Backing

Not yet

Best current signal

Untrusted CALL target/value reachable

crit 0 high 0 direct contract

Review Checklist

1. Read the findings table first. Ignore raw jobs until the result looks real.

2. Confirm attacker control, not just the existence of a sink.

3. Confirm money or privilege impact.

4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts

ID	Type	Status	Attempts	Heartbeat
24357	artifact.fetch	complete	1 / 3	3 months ago
24358	tool.cast_disasm	complete	1 / 3	3 months ago
67858	analysis.bundle	complete	1 / 3	1 week ago
67859	capability.graph	complete	1 / 3	1 week ago
67860	detector.run	complete	1 / 3	1 week ago
67861	validation.fork	complete	1 / 3	1 week ago

Artifact

Runtime bytecode: available

Creation TX: —

Deployer: —

Proxy: no

Implementation:

—

Verified Source: yes

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm

Delegatecall

0

Selfdestruct

0

CREATE2

0

CALL-family (heavy)

3

EXT*/BALANCE

2

Total opcodes

533

Flags

No heuristic flags raised.

View cast disassembly output

00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x003f
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH1 0xe0
00000012: SHR
00000013: DUP1
00000014: PUSH4 0x5bb47808
00000019: EQ
0000001a: PUSH2 0x0041
0000001d: JUMPI
0000001e: DUP1
0000001f: PUSH4 0xa9059cbb
00000024: EQ
00000025: PUSH2 0x0074
00000028: JUMPI
00000029: DUP1
0000002a: PUSH4 0xc45a0155
0000002f: EQ
00000030: PUSH2 0x00ad
00000033: JUMPI
00000034: DUP1
00000035: PUSH4 0xf640d508
0000003a: EQ
0000003b: PUSH2 0x00de
0000003e: JUMPI
0000003f: JUMPDEST
00000040: STOP
00000041: JUMPDEST
00000042: CALLVALUE
00000043: DUP1
00000044: ISZERO
00000045: PUSH2 0x004d
00000048: JUMPI
00000049: PUSH1 0x00
0000004b: DUP1
0000004c: REVERT
0000004d: JUMPDEST
0000004e: POP
0000004f: PUSH2 0x003f
00000052: PUSH1 0x04
00000054: DUP1
00000055: CALLDATASIZE
00000056: SUB
00000057: PUSH1 0x20
00000059: DUP2
0000005a: LT
0000005b: ISZERO
0000005c: PUSH2 0x0064
0000005f: JUMPI
00000060: PUSH1 0x00
00000062: DUP1
00000063: REVERT
00000064: JUMPDEST
00000065: POP
00000066: CALLDATALOAD
00000067: PUSH1 0x01
00000069: PUSH1 0x01
0000006b: PUSH1 0xa0
0000006d: SHL
0000006e: SUB
0000006f: AND
00000070: PUSH2 0x0121
00000073: JUMP
00000074: JUMPDEST
00000075: CALLVALUE
00000076: DUP1
00000077: ISZERO
00000078: PUSH2 0x0080
0000007b: JUMPI
0000007c: PUSH1 0x00
0000007e: DUP1
0000007f: REVERT
00000080: JUMPDEST
00000081: POP
00000082: PUSH2 0x003f
00000085: PUSH1 0x04
00000087: DUP1
00000088: CALLDATASIZE
00000089: SUB
0000008a: PUSH1 0x40
0000008c: DUP2
0000008d: LT
0000008e: ISZERO
0000008f: PUSH2 0x0097
00000092: JUMPI
00000093: PUSH1 0x00
00000095: DUP1
00000096: REVERT
00000097: JUMPDEST
00000098: POP
00000099: PUSH1 0x01
0000009b: PUSH1 0x01
0000009d: PUSH1 0xa0
0000009f: SHL
000000a0: SUB
000000a1: DUP2
000000a2: CALLDATALOAD
000000a3: AND
000000a4: SWAP1
000000a5: PUSH1 0x20
000000a7: ADD
000000a8: CALLDATALOAD
000000a9: PUSH2 0x0163
000000ac: JUMP
000000ad: JUMPDEST
000000ae: CALLVALUE
000000af: DUP1
000000b0: ISZERO
000000b1: PUSH2 0x00b9
000000b4: JUMPI
000000b5: PUSH1 0x00
000000b7: DUP1
000000b8: REVERT
000000b9: JUMPDEST
000000ba: POP
000000bb: PUSH2 0x00c2
000000be: PUSH2 0x0239
000000c1: JUMP
000000c2: JUMPDEST
000000c3: PUSH1 0x40
000000c5: DUP1
000000c6: MLOAD
000000c7: PUSH1 0x01
000000c9: PUSH1 0x01
000000cb: PUSH1 0xa0
000000cd: SHL
000000ce: SUB
000000cf: SWAP1
000000d0: SWAP3
000000d1: AND
000000d2: DUP3
000000d3: MSTORE
000000d4: MLOAD
000000d5: SWAP1
000000d6: DUP2
000000d7: SWAP1
000000d8: SUB
000000d9: PUSH1 0x20
000000db: ADD
000000dc: SWAP1
000000dd: RETURN
000000de: JUMPDEST
000000df: CALLVALUE
000000e0: DUP1
000000e1: ISZERO
000000e2: PUSH2 0x00ea
000000e5: JUMPI
000000e6: PUSH1 0x00
000000e8: DUP1
000000e9: REVERT
000000ea: JUMPDEST
000000eb: POP
000000ec: PUSH2 0x003f
000000ef: PUSH1 0x04
000000f1: DUP1
000000f2: CALLDATASIZE
000000f3: SUB
000000f4: PUSH1 0x60
000000f6: DUP2
000000f7: LT
000000f8: ISZERO
000000f9: PUSH2 0x0101
000000fc: JUMPI
000000fd: PUSH1 0x00
000000ff: DUP1
00000100: REVERT
00000101: JUMPDEST
00000102: POP
00000103: PUSH1 0x01
00000105: PUSH1 0x01
00000107: PUSH1 0xa0
00000109: SHL
0000010a: SUB
0000010b: DUP2
0000010c: CALLDATALOAD
0000010d: DUP2
0000010e: AND
0000010f: SWAP2
00000110: PUSH1 0x20
00000112: DUP2
00000113: ADD
00000114: CALLDATALOAD
00000115: SWAP2
00000116: PUSH1 0x40
00000118: SWAP1
00000119: SWAP2
0000011a: ADD
0000011b: CALLDATALOAD
0000011c: AND
0000011d: PUSH2 0x0248
00000120: JUMP
00000121: JUMPDEST
00000122: PUSH2 0x0129
00000125: PUSH2 0x02cd
00000128: JUMP
00000129: JUMPDEST
0000012a: PUSH1 0x00
0000012c: DUP1
0000012d: SLOAD
0000012e: PUSH32 0xffffffffffffffffffffffff0000000000000000000000000000000000000000
0000014f: AND
00000150: PUSH1 0x01
00000152: PUSH1 0x01
00000154: PUSH1 0xa0
00000156: SHL
00000157: SUB
00000158: SWAP3
00000159: SWAP1
0000015a: SWAP3
0000015b: AND
0000015c: SWAP2
0000015d: SWAP1
0000015e: SWAP2
0000015f: OR
00000160: SWAP1
00000161: SSTORE
00000162: JUMP
00000163: JUMPDEST
00000164: PUSH2 0x016b
00000167: PUSH2 0x02cd
0000016a: JUMP
0000016b: JUMPDEST
0000016c: PUSH1 0x00
0000016e: SLOAD
0000016f: PUSH1 0x01
00000171: PUSH1 0x01
00000173: PUSH1 0xa0
00000175: SHL
00000176: SUB
00000177: DUP4
00000178: DUP2
00000179: AND
0000017a: SWAP2
0000017b: AND
0000017c: EQ
0000017d: ISZERO
0000017e: PUSH2 0x01fd
00000181: JUMPI
00000182: PUSH1 0x00
00000184: DUP1
00000185: SLOAD
00000186: PUSH1 0x40
00000188: DUP1
00000189: MLOAD
0000018a: PUSH32 0xd0e30db000000000000000000000000000000000000000000000000000000000
000001ab: DUP2
000001ac: MSTORE
000001ad: SWAP1
000001ae: MLOAD
000001af: PUSH1 0x01
000001b1: PUSH1 0x01
000001b3: PUSH1 0xa0
000001b5: SHL
000001b6: SUB
000001b7: SWAP1
000001b8: SWAP3
000001b9: AND
000001ba: SWAP3
000001bb: PUSH4 0xd0e30db0
000001c0: SWAP3
000001c1: DUP6
000001c2: SWAP3
000001c3: PUSH1 0x04
000001c5: DUP1
000001c6: DUP3
000001c7: ADD
000001c8: SWAP4
000001c9: SWAP3
000001ca: SWAP2
000001cb: DUP3
000001cc: SWAP1
000001cd: SUB
000001ce: ADD
000001cf: DUP2
000001d0: DUP6
000001d1: DUP9
000001d2: DUP1
000001d3: EXTCODESIZE
000001d4: ISZERO
000001d5: DUP1
000001d6: ISZERO
000001d7: PUSH2 0x01df
000001da: JUMPI
000001db: PUSH1 0x00
000001dd: DUP1
000001de: REVERT
000001df: JUMPDEST
000001e0: POP
000001e1: GAS
000001e2: CALL
000001e3: ISZERO
000001e4: DUP1
000001e5: ISZERO
000001e6: PUSH2 0x01f3
000001e9: JUMPI
000001ea: RETURNDATASIZE
000001eb: PUSH1 0x00
000001ed: DUP1
000001ee: RETURNDATACOPY
000001ef: RETURNDATASIZE
000001f0: PUSH1 0x00
000001f2: REVERT
000001f3: JUMPDEST
000001f4: POP
000001f5: POP
000001f6: POP
000001f7: POP
000001f8: POP
000001f9: PUSH2 0x0235
000001fc: JUMP
000001fd: JUMPDEST
000001fe: PUSH1 0x40
00000200: MLOAD
00000201: PUSH1 0x01
00000203: PUSH1 0x01
00000205: PUSH1 0xa0
00000207: SHL
00000208: SUB
00000209: DUP4
0000020a: AND
0000020b: SWAP1
0000020c: DUP3
0000020d: ISZERO
0000020e: PUSH2 0x08fc
00000211: MUL
00000212: SWAP1
00000213: DUP4
00000214: SWAP1
00000215: PUSH1 0x00
00000217: DUP2
00000218: DUP2
00000219: DUP2
0000021a: DUP6
0000021b: DUP9
0000021c: DUP9
0000021d: CALL
0000021e: SWAP4
0000021f: POP
00000220: POP
00000221: POP
00000222: POP
00000223: ISZERO
00000224: DUP1
00000225: ISZERO
00000226: PUSH2 0x0233
00000229: JUMPI
0000022a: RETURNDATASIZE
0000022b: PUSH1 0x00
0000022d: DUP1
0000022e: RETURNDATACOPY
0000022f: RETURNDATASIZE
00000230: PUSH1 0x00
00000232: REVERT
00000233: JUMPDEST
00000234: POP
00000235: JUMPDEST
00000236: POP
00000237: POP
00000238: JUMP
00000239: JUMPDEST
0000023a: PUSH1 0x00
0000023c: SLOAD
0000023d: PUSH1 0x01
0000023f: PUSH1 0x01
00000241: PUSH1 0xa0
00000243: SHL
00000244: SUB
00000245: AND
00000246: DUP2
00000247: JUMP
00000248: JUMPDEST
00000249: PUSH2 0x0250
0000024c: PUSH2 0x02cd
0000024f: JUMP
00000250: JUMPDEST
00000251: DUP1
00000252: PUSH1 0x01
00000254: PUSH1 0x01
00000256: PUSH1 0xa0
00000258: SHL
00000259: SUB
0000025a: AND
0000025b: PUSH4 0xa9059cbb
00000260: DUP5
00000261: DUP5
00000262: PUSH1 0x40
00000264: MLOAD
00000265: DUP4
00000266: PUSH4 0xffffffff
0000026b: AND
0000026c: PUSH1 0xe0
0000026e: SHL
0000026f: DUP2
00000270: MSTORE
00000271: PUSH1 0x04
00000273: ADD
00000274: DUP1
00000275: DUP4
00000276: PUSH1 0x01
00000278: PUSH1 0x01
0000027a: PUSH1 0xa0
0000027c: SHL
0000027d: SUB
0000027e: AND
0000027f: PUSH1 0x01
00000281: PUSH1 0x01
00000283: PUSH1 0xa0
00000285: SHL
00000286: SUB
00000287: AND
00000288: DUP2
00000289: MSTORE
0000028a: PUSH1 0x20
0000028c: ADD
0000028d: DUP3
0000028e: DUP2
0000028f: MSTORE
00000290: PUSH1 0x20
00000292: ADD
00000293: SWAP3
00000294: POP
00000295: POP
00000296: POP
00000297: PUSH1 0x00
00000299: PUSH1 0x40
0000029b: MLOAD
0000029c: DUP1
0000029d: DUP4
0000029e: SUB
0000029f: DUP2
000002a0: PUSH1 0x00
000002a2: DUP8
000002a3: DUP1
000002a4: EXTCODESIZE
000002a5: ISZERO
000002a6: DUP1
000002a7: ISZERO
000002a8: PUSH2 0x02b0
000002ab: JUMPI
000002ac: PUSH1 0x00
000002ae: DUP1
000002af: REVERT
000002b0: JUMPDEST
000002b1: POP
000002b2: GAS
000002b3: CALL
000002b4: ISZERO
000002b5: DUP1
000002b6: ISZERO
000002b7: PUSH2 0x02c4
000002ba: JUMPI
000002bb: RETURNDATASIZE
000002bc: PUSH1 0x00
000002be: DUP1
000002bf: RETURNDATACOPY
000002c0: RETURNDATASIZE
000002c1: PUSH1 0x00
000002c3: REVERT
000002c4: JUMPDEST
000002c5: POP
000002c6: POP
000002c7: POP
000002c8: POP
000002c9: POP
000002ca: POP
000002cb: POP
000002cc: JUMP
000002cd: JUMPDEST
000002ce: PUSH1 0x00
000002d0: SLOAD
000002d1: PUSH1 0x01
000002d3: PUSH1 0x01
000002d5: PUSH1 0xa0
000002d7: SHL
000002d8: SUB
000002d9: AND
000002da: CALLER
000002db: EQ
000002dc: PUSH2 0x0346
000002df: JUMPI
000002e0: PUSH1 0x40
000002e2: DUP1
000002e3: MLOAD
000002e4: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
00000305: DUP2
00000306: MSTORE
00000307: PUSH1 0x20
00000309: PUSH1 0x04
0000030b: DUP3
0000030c: ADD
0000030d: MSTORE
0000030e: PUSH1 0x15
00000310: PUSH1 0x24
00000312: DUP3
00000313: ADD
00000314: MSTORE
00000315: PUSH32 0x73656e646572206973206e6f7420666163746f72790000000000000000000000
00000336: PUSH1 0x44
00000338: DUP3
00000339: ADD
0000033a: MSTORE
0000033b: SWAP1
0000033c: MLOAD
0000033d: SWAP1
0000033e: DUP2
0000033f: SWAP1
00000340: SUB
00000341: PUSH1 0x64
00000343: ADD
00000344: SWAP1
00000345: REVERT
00000346: JUMPDEST
00000347: JUMP
00000348: INVALID
00000349: LOG2
0000034a: PUSH6 0x627a7a723158
00000351: KECCAK256
00000352: UNKNOWN(0xD1)
00000353: UNKNOWN(0xB2)
00000354: UNKNOWN(0x24)
00000355: UNKNOWN(0xB5)
00000356: DUP16
00000357: TLOAD
00000358: UNKNOWN(0xDE)
00000359: PUSH27 0xc2c6dd56e88fc0e4350ba014c1f934fc45ce5c91cb57e72964736f
00000375: PUSH13

Findings

validated = confirmed for call sinks; sink observed for others

Severity	Category	Tool	Title	Confidence	Validated	Confirmed	Details
high	other	detector	Untrusted CALL target/value reachable	60	no	no	view trace_id: 0xf099c3fe483ae69213833068e2a10489ca86ccc2e1442d5d308611b4f0520741 call_targets: 0x230731528a32a11122426e7688e8d9050a484a77 target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0xf099c3fe483ae69213833068e2a10489ca86ccc2e1442d5d308611b4f0520741", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0x230731528a32a11122426e7688e8d9050a484a77" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x5bb47808", "selector": "0x5bb47808", "calldata_variants": [ "0x5bb47808", "0x5bb478080000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xa9059cbb", "selector": "0xa9059cbb", "calldata_variants": [ "0xa9059cbb", "0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xc45a0155", "selector": "0xc45a0155", "calldata_variants": [ "0xc45a0155", "0xc45a01550000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xf640d508", "selector": "0xf640d508", "calldata_variants": [ "0xf640d508", "0xf640d5080000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "examples": [ { "pc": 482, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" }, { "pc": 541, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" }, { "pc": 691, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "call_count": 3, "guards_detected": [], "untrusted_call_count": 3 }
high	other	detector	ETH value transfer possible	55	no	no	view trace_id: 0xf099c3fe483ae69213833068e2a10489ca86ccc2e1442d5d308611b4f0520741 call_targets: 0x230731528a32a11122426e7688e8d9050a484a77 target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0xf099c3fe483ae69213833068e2a10489ca86ccc2e1442d5d308611b4f0520741", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0x230731528a32a11122426e7688e8d9050a484a77" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x5bb47808", "selector": "0x5bb47808", "calldata_variants": [ "0x5bb47808", "0x5bb478080000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xa9059cbb", "selector": "0xa9059cbb", "calldata_variants": [ "0xa9059cbb", "0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xc45a0155", "selector": "0xc45a0155", "calldata_variants": [ "0xc45a0155", "0xc45a01550000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xf640d508", "selector": "0xf640d508", "calldata_variants": [ "0xf640d508", "0xf640d5080000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "examples": [ { "pc": 482, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" }, { "pc": 541, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" }, { "pc": 691, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "eth_value_calls": 3, "guards_detected": [] }

Severity

Category

Tool

Title

Confidence

Validated

Confirmed

Details

high

other

detector

Untrusted CALL target/value reachable

60

no

view

trace_id: 0xf099c3fe483ae69213833068e2a10489ca86ccc2e1442d5d308611b4f0520741

call_targets: 0x230731528a32a11122426e7688e8d9050a484a77

target_varies: no

classification: constant_target

validation_json

{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xf099c3fe483ae69213833068e2a10489ca86ccc2e1442d5d308611b4f0520741",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x230731528a32a11122426e7688e8d9050a484a77"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}

witness_json

{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x5bb47808",
            "selector": "0x5bb47808",
            "calldata_variants": [
                "0x5bb47808",
                "0x5bb478080000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xa9059cbb",
            "selector": "0xa9059cbb",
            "calldata_variants": [
                "0xa9059cbb",
                "0xa9059cbb0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xc45a0155",
            "selector": "0xc45a0155",
            "calldata_variants": [
                "0xc45a0155",
                "0xc45a01550000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf640d508",
            "selector": "0xf640d508",
            "calldata_variants": [
                "0xf640d508",
                "0xf640d5080000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}

evidence_json

{
    "examples": [
        {
            "pc": 482,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 541,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 691,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 3,
    "guards_detected": [],
    "untrusted_call_count": 3
}