Analysis Run

019b477e-ca69-700e-98f8-235654e07d81

complete

Chain ID

1

Address

0x0000a26b00c1f0df003000390027140000faa719

Block Number

—

Created

Mon, Dec 22, 2025 7:17 PM

Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract

Confirmed

0

Validated

0

Source

Verified

Review Backing

Not yet

Best current signal

Authorization based on tx.origin

crit 0 high 0 direct contract

Review Checklist

1. Read the findings table first. Ignore raw jobs until the result looks real.

2. Confirm attacker control, not just the existence of a sink.

3. Confirm money or privilege impact.

4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts

ID	Type	Status	Attempts	Heartbeat
26509	artifact.fetch	complete	1 / 3	3 months ago
26510	tool.cast_disasm	complete	1 / 3	3 months ago
69766	analysis.bundle	complete	1 / 3	1 week ago
69767	capability.graph	complete	1 / 3	1 week ago
69768	detector.run	complete	1 / 3	1 week ago
69769	validation.fork	complete	1 / 3	1 week ago

Artifact

Runtime bytecode: available

Creation TX: —

Deployer: —

Proxy: no

Implementation:

—

Verified Source: yes

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm

Delegatecall

2

Selfdestruct

0

CREATE2

0

CALL-family (heavy)

2

EXT*/BALANCE

0

Total opcodes

486

Flags

delegatecall_present

View cast disassembly output

00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: ISZERO
0000000a: PUSH2 0x0018
0000000d: JUMPI
0000000e: JUMPDEST
0000000f: PUSH2 0x0016
00000012: PUSH2 0x03e4
00000015: JUMP
00000016: JUMPDEST
00000017: STOP
00000018: JUMPDEST
00000019: PUSH1 0x00
0000001b: DUP1
0000001c: CALLDATALOAD
0000001d: PUSH1 0xe0
0000001f: SHR
00000020: PUSH4 0xc4d66de8
00000025: EQ
00000026: PUSH2 0x002f
00000029: JUMPI
0000002a: POP
0000002b: PUSH2 0x000e
0000002e: JUMP
0000002f: JUMPDEST
00000030: CALLVALUE
00000031: PUSH2 0x0224
00000034: JUMPI
00000035: PUSH1 0x20
00000037: PUSH32 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc
00000058: CALLDATASIZE
00000059: ADD
0000005a: SLT
0000005b: PUSH2 0x0224
0000005e: JUMPI
0000005f: DUP1
00000060: DUP1
00000061: PUSH1 0x04
00000063: CALLDATALOAD
00000064: PUSH2 0x006c
00000067: DUP2
00000068: PUSH2 0x0227
0000006b: JUMP
0000006c: JUMPDEST
0000006d: PUSH20 0x939c8d89ebc11fa45e576215e2353673ad0ba18a
00000082: ORIGIN
00000083: EQ
00000084: DUP1
00000085: ISZERO
00000086: PUSH2 0x0207
00000089: JUMPI
0000008a: JUMPDEST
0000008b: DUP1
0000008c: ISZERO
0000008d: PUSH2 0x01ea
00000090: JUMPI
00000091: JUMPDEST
00000092: DUP1
00000093: ISZERO
00000094: PUSH2 0x01cd
00000097: JUMPI
00000098: JUMPDEST
00000099: PUSH2 0x00a1
0000009c: SWAP1
0000009d: PUSH2 0x024a
000000a0: JUMP
000000a1: JUMPDEST
000000a2: PUSH1 0x40
000000a4: MLOAD
000000a5: SWAP1
000000a6: PUSH32 0x5c60da1b00000000000000000000000000000000000000000000000000000000
000000c7: DUP3
000000c8: MSTORE
000000c9: PUSH1 0x20
000000cb: DUP3
000000cc: PUSH1 0x04
000000ce: DUP2
000000cf: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000e4: PUSH32 0x0000000000000000000000000000000033ca97c0b4df29103dc8da00a967884f
00000105: AND
00000106: GAS
00000107: STATICCALL
00000108: SWAP2
00000109: DUP3
0000010a: ISZERO
0000010b: PUSH2 0x01c0
0000010e: JUMPI
0000010f: JUMPDEST
00000110: DUP4
00000111: SWAP3
00000112: PUSH2 0x0190
00000115: JUMPI
00000116: JUMPDEST
00000117: POP
00000118: PUSH1 0x40
0000011a: MLOAD
0000011b: PUSH32 0xc4d66de800000000000000000000000000000000000000000000000000000000
0000013c: PUSH1 0x20
0000013e: DUP3
0000013f: ADD
00000140: SWAP1
00000141: DUP2
00000142: MSTORE
00000143: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000158: SWAP3
00000159: SWAP1
0000015a: SWAP3
0000015b: AND
0000015c: PUSH1 0x24
0000015e: DUP1
0000015f: DUP4
00000160: ADD
00000161: SWAP2
00000162: SWAP1
00000163: SWAP2
00000164: MSTORE
00000165: DUP2
00000166: MSTORE
00000167: PUSH2 0x0171
0000016a: PUSH1 0x44
0000016c: DUP3
0000016d: PUSH2 0x0305
00000170: JUMP
00000171: JUMPDEST
00000172: MLOAD
00000173: SWAP2
00000174: GAS
00000175: DELEGATECALL
00000176: PUSH2 0x017d
00000179: PUSH2 0x0378
0000017c: JUMP
0000017d: JUMPDEST
0000017e: POP
0000017f: ISZERO
00000180: PUSH2 0x0188
00000183: JUMPI
00000184: PUSH1 0x40
00000186: MLOAD
00000187: RETURN
00000188: JUMPDEST
00000189: RETURNDATASIZE
0000018a: DUP2
0000018b: DUP1
0000018c: RETURNDATACOPY
0000018d: RETURNDATASIZE
0000018e: SWAP1
0000018f: REVERT
00000190: JUMPDEST
00000191: PUSH2 0x01b2
00000194: SWAP2
00000195: SWAP3
00000196: POP
00000197: PUSH1 0x20
00000199: RETURNDATASIZE
0000019a: DUP2
0000019b: GT
0000019c: PUSH2 0x01b9
0000019f: JUMPI
000001a0: JUMPDEST
000001a1: PUSH2 0x01aa
000001a4: DUP2
000001a5: DUP4
000001a6: PUSH2 0x0305
000001a9: JUMP
000001aa: JUMPDEST
000001ab: DUP2
000001ac: ADD
000001ad: SWAP1
000001ae: PUSH2 0x0353
000001b1: JUMP
000001b2: JUMPDEST
000001b3: SWAP1
000001b4: CODESIZE
000001b5: PUSH2 0x0116
000001b8: JUMP
000001b9: JUMPDEST
000001ba: POP
000001bb: RETURNDATASIZE
000001bc: PUSH2 0x01a0
000001bf: JUMP
000001c0: JUMPDEST
000001c1: PUSH2 0x01c8
000001c4: PUSH2 0x036b
000001c7: JUMP
000001c8: JUMPDEST
000001c9: PUSH2 0x010f
000001cc: JUMP
000001cd: JUMPDEST
000001ce: POP
000001cf: ORIGIN
000001d0: PUSH20 0x3b52ad533687ce908ba0485ac177c5fb42972962
000001e5: EQ
000001e6: PUSH2 0x0098
000001e9: JUMP
000001ea: JUMPDEST
000001eb: POP
000001ec: PUSH20 0x86d26897267711ea4b173c8c124a0a73612001da
00000201: ORIGIN
00000202: EQ
00000203: PUSH2 0x0091
00000206: JUMP
00000207: JUMPDEST
00000208: POP
00000209: PUSH20 0xe80a65eb7a3018deda407e621ef5fb5b416678ca
0000021e: ORIGIN
0000021f: EQ
00000220: PUSH2 0x008a
00000223: JUMP
00000224: JUMPDEST
00000225: DUP1
00000226: REVERT
00000227: JUMPDEST
00000228: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000023d: DUP2
0000023e: AND
0000023f: SUB
00000240: PUSH2 0x0245
00000243: JUMPI
00000244: JUMP
00000245: JUMPDEST
00000246: PUSH1 0x00
00000248: DUP1
00000249: REVERT
0000024a: JUMPDEST
0000024b: ISZERO
0000024c: PUSH2 0x0251
0000024f: JUMPI
00000250: JUMP
00000251: JUMPDEST
00000252: PUSH1 0x84
00000254: PUSH1 0x40
00000256: MLOAD
00000257: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
00000278: DUP2
00000279: MSTORE
0000027a: PUSH1 0x20
0000027c: PUSH1 0x04
0000027e: DUP3
0000027f: ADD
00000280: MSTORE
00000281: PUSH1 0x34
00000283: PUSH1 0x24
00000285: DUP3
00000286: ADD
00000287: MSTORE
00000288: PUSH32 0x496e697469616c697a65206d757374206f726967696e6174652066726f6d2061
000002a9: PUSH1 0x44
000002ab: DUP3
000002ac: ADD
000002ad: MSTORE
000002ae: PUSH32 0x6e20617070726f766564206465706c6f7965722e000000000000000000000000
000002cf: PUSH1 0x64
000002d1: DUP3
000002d2: ADD
000002d3: MSTORE
000002d4: REVERT
000002d5: JUMPDEST
000002d6: POP
000002d7: PUSH32 0x4e487b7100000000000000000000000000000000000000000000000000000000
000002f8: PUSH1 0x00
000002fa: MSTORE
000002fb: PUSH1 0x41
000002fd: PUSH1 0x04
000002ff: MSTORE
00000300: PUSH1 0x24
00000302: PUSH1 0x00
00000304: REVERT
00000305: JUMPDEST
00000306: SWAP1
00000307: PUSH1 0x1f
00000309: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0
0000032a: SWAP2
0000032b: ADD
0000032c: AND
0000032d: DUP2
0000032e: ADD
0000032f: SWAP1
00000330: DUP2
00000331: LT
00000332: PUSH8 0xffffffffffffffff
0000033b: DUP3
0000033c: GT
0000033d: OR
0000033e: PUSH2 0x0346
00000341: JUMPI
00000342: PUSH1 0x40
00000344: MSTORE
00000345: JUMP
00000346: JUMPDEST
00000347: PUSH2 0x034e
0000034a: PUSH2 0x02d5
0000034d: JUMP
0000034e: JUMPDEST
0000034f: PUSH1 0x40
00000351: MSTORE
00000352: JUMP
00000353: JUMPDEST
00000354: SWAP1
00000355: DUP2
00000356: PUSH1 0x20
00000358: SWAP2
00000359: SUB
0000035a: SLT
0000035b: PUSH2 0x0245
0000035e: JUMPI
0000035f: MLOAD
00000360: PUSH2 0x0368
00000363: DUP2
00000364: PUSH2 0x0227
00000367: JUMP
00000368: JUMPDEST
00000369: SWAP1
0000036a: JUMP
0000036b: JUMPDEST
0000036c: POP
0000036d: PUSH1 0x40
0000036f: MLOAD
00000370: RETURNDATASIZE
00000371: PUSH1 0x00
00000373: DUP3
00000374: RETURNDATACOPY
00000375: RETURNDATASIZE
00000376: SWAP1
00000377: REVERT
00000378: JUMPDEST
00000379: RETURNDATASIZE
0000037a: ISZERO
0000037b: PUSH2 0x03df
0000037e: JUMPI
0000037f: RETURNDATASIZE
00000380: SWAP1
00000381: PUSH8 0xffffffffffffffff
0000038a: DUP3
0000038b: GT
0000038c: PUSH2 0x03d2
0000038f: JUMPI
00000390: JUMPDEST
00000391: PUSH1 0x40
00000393: MLOAD
00000394: SWAP2
00000395: PUSH2 0x03c6
00000398: PUSH1 0x20
0000039a: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0
000003bb: PUSH1 0x1f
000003bd: DUP5
000003be: ADD
000003bf: AND
000003c0: ADD
000003c1: DUP5
000003c2: PUSH2 0x0305
000003c5: JUMP
000003c6: JUMPDEST
000003c7: DUP3
000003c8: MSTORE
000003c9: RETURNDATASIZE
000003ca: PUSH1 0x00
000003cc: PUSH1 0x20
000003ce: DUP5
000003cf: ADD
000003d0: RETURNDATACOPY
000003d1: JUMP
000003d2: JUMPDEST
000003d3: PUSH2 0x03da
000003d6: PUSH2 0x02d5
000003d9: JUMP
000003da: JUMPDEST
000003db: PUSH2 0x0390
000003de: JUMP
000003df: JUMPDEST
000003e0: PUSH1 0x60
000003e2: SWAP1
000003e3: JUMP
000003e4: JUMPDEST
000003e5: CALLVALUE
000003e6: ISZERO
000003e7: PUSH2 0x03ec
000003ea: JUMPI
000003eb: JUMP
000003ec: JUMPDEST
000003ed: PUSH1 0x00
000003ef: DUP1
000003f0: PUSH1 0x40
000003f2: MLOAD
000003f3: PUSH32 0x5c60da1b00000000000000000000000000000000000000000000000000000000
00000414: DUP2
00000415: MSTORE
00000416: PUSH1 0x20
00000418: DUP2
00000419: PUSH1 0x04
0000041b: DUP2
0000041c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000431: PUSH32 0x0000000000000000000000000000000033ca97c0b4df29103dc8da00a967884f
00000452: AND
00000453: GAS
00000454: STATICCALL
00000455: SWAP1
00000456: DUP2
00000457: ISZERO
00000458: PUSH2 0x049f
0000045b: JUMPI
0000045c: JUMPDEST
0000045d: DUP3
0000045e: SWAP2
0000045f: PUSH2 0x0481
00000462: JUMPI
00000463: JUMPDEST
00000464: POP
00000465: CALLDATASIZE
00000466: DUP3
00000467: DUP1
00000468: CALLDATACOPY
00000469: DUP2
0000046a: CALLDATASIZE
0000046b: SWAP2
0000046c: GAS
0000046d: DELEGATECALL
0000046e: RETURNDATASIZE
0000046f: PUSH1 0x00
00000471: DUP1
00000472: RETURNDATACOPY
00000473: ISZERO
00000474: PUSH2 0x047c
00000477: JUMPI
00000478: RETURNDATASIZE
00000479: PUSH1 0x00
0000047b: RETURN
0000047c: JUMPDEST
0000047d: RETURNDATASIZE
0000047e: PUSH1 0x00
00000480: REVERT
00000481: JUMPDEST
00000482: PUSH2 0x0499
00000485: SWAP2
00000486: POP
00000487: PUSH1 0x20
00000489: RETURNDATASIZE
0000048a: DUP2
0000048b: GT
0000048c: PUSH2 0x01b9
0000048f: JUMPI
00000490: PUSH2 0x01aa
00000493: DUP2
00000494: DUP4
00000495: PUSH2 0x0305
00000498: JUMP
00000499: JUMPDEST
0000049a: DUP4
0000049b: PUSH2 0x0463
0000049e: JUMP
0000049f: JUMPDEST
000004a0: PUSH2 0x04a7
000004a3: PUSH2 0x036b
000004a6: JUMP
000004a7: JUMPDEST
000004a8: PUSH2 0x045c
000004ab: JUMP
000004ac: INVALID
000004ad: LOG2
000004ae: PUSH5 0x6970667358
000004b4: UNKNOWN(0x22)
000004b5: SLT
000004b6: KECCAK256
000004b7: UNKNOWN(0x22)
000004b8: UNKNOWN(0xA6)
000004b9: UNKNOWN(0xF8)
000004ba: UNKNOWN(0xA8)
000004bb: EXP
000004bc: CALLVALUE
000004bd: LT
000004be: PUSH18 0x9e8504e9b42af008259446db5cdbc3acc5d2
000004d1: UNKNOWN(0x0F)
000004d2: RETURN
000004d3: UNKNOWN(0xF8)
000004d4: RETURN
000004d5: CODESIZE
000004d6: LOG4
000004d7: PUSH5 0x736f6c6343
000004dd: STOP
000004de: ADDMOD
000004df: UNKNOWN(0x0E)
000004e0: STOP
000004e1: CALLER

Findings

validated = confirmed for call sinks; sink observed for others

Severity	Category	Tool	Title	Confidence	Validated	Confirmed	Details
high	auth	detector	Authorization based on tx.origin	70	no	—	view validation_json { "reason": "missing sink mapping", "status": "no_sink" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0xc4d66de8", "selector": "0xc4d66de8", "calldata_variants": [ "0xc4d66de8", "0xc4d66de80000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "guards_detected": [ { "pc": 131, "type": "tx_origin_used" }, { "pc": 485, "type": "tx_origin_used" }, { "pc": 514, "type": "tx_origin_used" }, { "pc": 543, "type": "tx_origin_used" }, { "pc": 130, "type": "tx_origin_used" }, { "pc": 463, "type": "tx_origin_used" }, { "pc": 513, "type": "tx_origin_used" }, { "pc": 542, "type": "tx_origin_used" } ] }
high	upgradeability	detector	Untrusted DELEGATECALL target reachable	55	no	no	view trace_id: 0x41ae49c99f593113c53098fffa6555a63e163d9f4cb8e2609c4c2578ee35ad16 validation_json { "sink": "DELEGATECALL", "errors": 0, "status": "unknown", "attempts": 12, "trace_id": "0x41ae49c99f593113c53098fffa6555a63e163d9f4cb8e2609c4c2578ee35ad16", "confirmed": false, "trace_mode": "callTracer", "call_targets": null, "matched_probe": null, "target_varies": null, "classification": "no_sink" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0xc4d66de8", "selector": "0xc4d66de8", "calldata_variants": [ "0xc4d66de8", "0xc4d66de80000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "examples": [ { "pc": 373, "opcode": "DELEGATECALL", "returndata_checked": null, "value_expression_category": "n/a", "target_expression_category": "computed" }, { "pc": 1133, "opcode": "DELEGATECALL", "returndata_checked": null, "value_expression_category": "n/a", "target_expression_category": "computed" } ], "guards_detected": [ { "pc": 131, "type": "tx_origin_used" }, { "pc": 485, "type": "tx_origin_used" }, { "pc": 514, "type": "tx_origin_used" }, { "pc": 543, "type": "tx_origin_used" }, { "pc": 130, "type": "tx_origin_used" }, { "pc": 463, "type": "tx_origin_used" }, { "pc": 513, "type": "tx_origin_used" }, { "pc": 542, "type": "tx_origin_used" } ], "delegatecall_count": 2, "untrusted_delegatecall_count": 2 }

Severity

Category

Tool

Title

Confidence

Validated

Confirmed

Details

high

auth

detector

Authorization based on tx.origin

70

no

—

view

validation_json

{
    "reason": "missing sink mapping",
    "status": "no_sink"
}

witness_json

{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xc4d66de8",
            "selector": "0xc4d66de8",
            "calldata_variants": [
                "0xc4d66de8",
                "0xc4d66de80000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}

evidence_json

{
    "guards_detected": [
        {
            "pc": 131,
            "type": "tx_origin_used"
        },
        {
            "pc": 485,
            "type": "tx_origin_used"
        },
        {
            "pc": 514,
            "type": "tx_origin_used"
        },
        {
            "pc": 543,
            "type": "tx_origin_used"
        },
        {
            "pc": 130,
            "type": "tx_origin_used"
        },
        {
            "pc": 463,
            "type": "tx_origin_used"
        },
        {
            "pc": 513,
            "type": "tx_origin_used"
        },
        {
            "pc": 542,
            "type": "tx_origin_used"
        }
    ]
}

high

upgradeability

detector

Untrusted DELEGATECALL target reachable

55

no

view

trace_id: 0x41ae49c99f593113c53098fffa6555a63e163d9f4cb8e2609c4c2578ee35ad16

validation_json

{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "unknown",
    "attempts": 12,
    "trace_id": "0x41ae49c99f593113c53098fffa6555a63e163d9f4cb8e2609c4c2578ee35ad16",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}

witness_json

{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xc4d66de8",
            "selector": "0xc4d66de8",
            "calldata_variants": [
                "0xc4d66de8",
                "0xc4d66de80000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}

evidence_json

{
    "examples": [
        {
            "pc": 373,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        },
        {
            "pc": 1133,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [
        {
            "pc": 131,
            "type": "tx_origin_used"
        },
        {
            "pc": 485,
            "type": "tx_origin_used"
        },
        {
            "pc": 514,
            "type": "tx_origin_used"
        },
        {
            "pc": 543,
            "type": "tx_origin_used"
        },
        {
            "pc": 130,
            "type": "tx_origin_used"
        },
        {
            "pc": 463,
            "type": "tx_origin_used"
        },
        {
            "pc": 513,
            "type": "tx_origin_used"
        },
        {
            "pc": 542,
            "type": "tx_origin_used"
        }
    ],
    "delegatecall_count": 2,
    "untrusted_delegatecall_count": 2
}