TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b477e-caf0-7238-ab33-c72d288695ca

complete
Chain ID
1
Address
0x2a5ef3d72dcad693bf57ec6a5a4909bf8fb37205
Block Number
Created
Mon, Dec 22, 2025 7:17 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
26597 artifact.fetch complete 1 / 3 3 months ago
26598 tool.cast_disasm complete 1 / 3 3 months ago
69934 analysis.bundle complete 1 / 3 1 week ago
69935 capability.graph complete 1 / 3 1 week ago
69936 detector.run complete 1 / 3 1 week ago
69937 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
2
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
1
EXT*/BALANCE
2
Total opcodes
496
Flags
delegatecall_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: PUSH2 0x0013
00000009: JUMPI
0000000a: PUSH2 0x0011
0000000d: PUSH2 0x0017
00000010: JUMP
00000011: JUMPDEST
00000012: STOP
00000013: JUMPDEST
00000014: PUSH2 0x0011
00000017: JUMPDEST
00000018: PUSH2 0x0027
0000001b: PUSH2 0x0022
0000001e: PUSH2 0x005e
00000021: JUMP
00000022: JUMPDEST
00000023: PUSH2 0x00f7
00000026: JUMP
00000027: JUMPDEST
00000028: JUMP
00000029: JUMPDEST
0000002a: PUSH1 0x60
0000002c: PUSH2 0x004e
0000002f: DUP4
00000030: DUP4
00000031: PUSH1 0x40
00000033: MLOAD
00000034: DUP1
00000035: PUSH1 0x60
00000037: ADD
00000038: PUSH1 0x40
0000003a: MSTORE
0000003b: DUP1
0000003c: PUSH1 0x27
0000003e: DUP2
0000003f: MSTORE
00000040: PUSH1 0x20
00000042: ADD
00000043: PUSH2 0x02d6
00000046: PUSH1 0x27
00000048: SWAP2
00000049: CODECOPY
0000004a: PUSH2 0x011b
0000004d: JUMP
0000004e: JUMPDEST
0000004f: SWAP4
00000050: SWAP3
00000051: POP
00000052: POP
00000053: POP
00000054: JUMP
00000055: JUMPDEST
00000056: EXTCODESIZE
00000057: ISZERO
00000058: ISZERO
00000059: SWAP1
0000005a: JUMP
0000005b: JUMPDEST
0000005c: SWAP1
0000005d: JUMP
0000005e: JUMPDEST
0000005f: PUSH1 0x00
00000061: PUSH2 0x0091
00000064: PUSH32 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50
00000085: SLOAD
00000086: PUSH1 0x01
00000088: PUSH1 0x01
0000008a: PUSH1 0xa0
0000008c: SHL
0000008d: SUB
0000008e: AND
0000008f: SWAP1
00000090: JUMP
00000091: JUMPDEST
00000092: PUSH1 0x01
00000094: PUSH1 0x01
00000096: PUSH1 0xa0
00000098: SHL
00000099: SUB
0000009a: AND
0000009b: PUSH4 0x5c60da1b
000000a0: PUSH1 0x40
000000a2: MLOAD
000000a3: DUP2
000000a4: PUSH4 0xffffffff
000000a9: AND
000000aa: PUSH1 0xe0
000000ac: SHL
000000ad: DUP2
000000ae: MSTORE
000000af: PUSH1 0x04
000000b1: ADD
000000b2: PUSH1 0x20
000000b4: PUSH1 0x40
000000b6: MLOAD
000000b7: DUP1
000000b8: DUP4
000000b9: SUB
000000ba: DUP2
000000bb: DUP7
000000bc: GAS
000000bd: STATICCALL
000000be: ISZERO
000000bf: DUP1
000000c0: ISZERO
000000c1: PUSH2 0x00ce
000000c4: JUMPI
000000c5: RETURNDATASIZE
000000c6: PUSH1 0x00
000000c8: DUP1
000000c9: RETURNDATACOPY
000000ca: RETURNDATASIZE
000000cb: PUSH1 0x00
000000cd: REVERT
000000ce: JUMPDEST
000000cf: POP
000000d0: POP
000000d1: POP
000000d2: POP
000000d3: PUSH1 0x40
000000d5: MLOAD
000000d6: RETURNDATASIZE
000000d7: PUSH1 0x1f
000000d9: NOT
000000da: PUSH1 0x1f
000000dc: DUP3
000000dd: ADD
000000de: AND
000000df: DUP3
000000e0: ADD
000000e1: DUP1
000000e2: PUSH1 0x40
000000e4: MSTORE
000000e5: POP
000000e6: DUP2
000000e7: ADD
000000e8: SWAP1
000000e9: PUSH2 0x00f2
000000ec: SWAP2
000000ed: SWAP1
000000ee: PUSH2 0x022d
000000f1: JUMP
000000f2: JUMPDEST
000000f3: SWAP1
000000f4: POP
000000f5: SWAP1
000000f6: JUMP
000000f7: JUMPDEST
000000f8: CALLDATASIZE
000000f9: PUSH1 0x00
000000fb: DUP1
000000fc: CALLDATACOPY
000000fd: PUSH1 0x00
000000ff: DUP1
00000100: CALLDATASIZE
00000101: PUSH1 0x00
00000103: DUP5
00000104: GAS
00000105: DELEGATECALL
00000106: RETURNDATASIZE
00000107: PUSH1 0x00
00000109: DUP1
0000010a: RETURNDATACOPY
0000010b: DUP1
0000010c: DUP1
0000010d: ISZERO
0000010e: PUSH2 0x0116
00000111: JUMPI
00000112: RETURNDATASIZE
00000113: PUSH1 0x00
00000115: RETURN
00000116: JUMPDEST
00000117: RETURNDATASIZE
00000118: PUSH1 0x00
0000011a: REVERT
0000011b: JUMPDEST
0000011c: PUSH1 0x60
0000011e: DUP4
0000011f: EXTCODESIZE
00000120: PUSH2 0x017f
00000123: JUMPI
00000124: PUSH1 0x40
00000126: MLOAD
00000127: PUSH3 0x461bcd
0000012b: PUSH1 0xe5
0000012d: SHL
0000012e: DUP2
0000012f: MSTORE
00000130: PUSH1 0x20
00000132: PUSH1 0x04
00000134: DUP3
00000135: ADD
00000136: MSTORE
00000137: PUSH1 0x26
00000139: PUSH1 0x24
0000013b: DUP3
0000013c: ADD
0000013d: MSTORE
0000013e: PUSH32 0x416464726573733a2064656c65676174652063616c6c20746f206e6f6e2d636f
0000015f: PUSH1 0x44
00000161: DUP3
00000162: ADD
00000163: MSTORE
00000164: PUSH6 0x1b9d1c9858dd
0000016b: PUSH1 0xd2
0000016d: SHL
0000016e: PUSH1 0x64
00000170: DUP3
00000171: ADD
00000172: MSTORE
00000173: PUSH1 0x84
00000175: ADD
00000176: JUMPDEST
00000177: PUSH1 0x40
00000179: MLOAD
0000017a: DUP1
0000017b: SWAP2
0000017c: SUB
0000017d: SWAP1
0000017e: REVERT
0000017f: JUMPDEST
00000180: PUSH1 0x00
00000182: DUP1
00000183: DUP6
00000184: PUSH1 0x01
00000186: PUSH1 0x01
00000188: PUSH1 0xa0
0000018a: SHL
0000018b: SUB
0000018c: AND
0000018d: DUP6
0000018e: PUSH1 0x40
00000190: MLOAD
00000191: PUSH2 0x019a
00000194: SWAP2
00000195: SWAP1
00000196: PUSH2 0x0286
00000199: JUMP
0000019a: JUMPDEST
0000019b: PUSH1 0x00
0000019d: PUSH1 0x40
0000019f: MLOAD
000001a0: DUP1
000001a1: DUP4
000001a2: SUB
000001a3: DUP2
000001a4: DUP6
000001a5: GAS
000001a6: DELEGATECALL
000001a7: SWAP2
000001a8: POP
000001a9: POP
000001aa: RETURNDATASIZE
000001ab: DUP1
000001ac: PUSH1 0x00
000001ae: DUP2
000001af: EQ
000001b0: PUSH2 0x01d5
000001b3: JUMPI
000001b4: PUSH1 0x40
000001b6: MLOAD
000001b7: SWAP2
000001b8: POP
000001b9: PUSH1 0x1f
000001bb: NOT
000001bc: PUSH1 0x3f
000001be: RETURNDATASIZE
000001bf: ADD
000001c0: AND
000001c1: DUP3
000001c2: ADD
000001c3: PUSH1 0x40
000001c5: MSTORE
000001c6: RETURNDATASIZE
000001c7: DUP3
000001c8: MSTORE
000001c9: RETURNDATASIZE
000001ca: PUSH1 0x00
000001cc: PUSH1 0x20
000001ce: DUP5
000001cf: ADD
000001d0: RETURNDATACOPY
000001d1: PUSH2 0x01da
000001d4: JUMP
000001d5: JUMPDEST
000001d6: PUSH1 0x60
000001d8: SWAP2
000001d9: POP
000001da: JUMPDEST
000001db: POP
000001dc: SWAP2
000001dd: POP
000001de: SWAP2
000001df: POP
000001e0: PUSH2 0x01ea
000001e3: DUP3
000001e4: DUP3
000001e5: DUP7
000001e6: PUSH2 0x01f4
000001e9: JUMP
000001ea: JUMPDEST
000001eb: SWAP7
000001ec: SWAP6
000001ed: POP
000001ee: POP
000001ef: POP
000001f0: POP
000001f1: POP
000001f2: POP
000001f3: JUMP
000001f4: JUMPDEST
000001f5: PUSH1 0x60
000001f7: DUP4
000001f8: ISZERO
000001f9: PUSH2 0x0203
000001fc: JUMPI
000001fd: POP
000001fe: DUP2
000001ff: PUSH2 0x004e
00000202: JUMP
00000203: JUMPDEST
00000204: DUP3
00000205: MLOAD
00000206: ISZERO
00000207: PUSH2 0x0213
0000020a: JUMPI
0000020b: DUP3
0000020c: MLOAD
0000020d: DUP1
0000020e: DUP5
0000020f: PUSH1 0x20
00000211: ADD
00000212: REVERT
00000213: JUMPDEST
00000214: DUP2
00000215: PUSH1 0x40
00000217: MLOAD
00000218: PUSH3 0x461bcd
0000021c: PUSH1 0xe5
0000021e: SHL
0000021f: DUP2
00000220: MSTORE
00000221: PUSH1 0x04
00000223: ADD
00000224: PUSH2 0x0176
00000227: SWAP2
00000228: SWAP1
00000229: PUSH2 0x02a2
0000022c: JUMP
0000022d: JUMPDEST
0000022e: PUSH1 0x00
00000230: PUSH1 0x20
00000232: DUP3
00000233: DUP5
00000234: SUB
00000235: SLT
00000236: ISZERO
00000237: PUSH2 0x023f
0000023a: JUMPI
0000023b: PUSH1 0x00
0000023d: DUP1
0000023e: REVERT
0000023f: JUMPDEST
00000240: DUP2
00000241: MLOAD
00000242: PUSH1 0x01
00000244: PUSH1 0x01
00000246: PUSH1 0xa0
00000248: SHL
00000249: SUB
0000024a: DUP2
0000024b: AND
0000024c: DUP2
0000024d: EQ
0000024e: PUSH2 0x004e
00000251: JUMPI
00000252: PUSH1 0x00
00000254: DUP1
00000255: REVERT
00000256: JUMPDEST
00000257: PUSH1 0x00
00000259: JUMPDEST
0000025a: DUP4
0000025b: DUP2
0000025c: LT
0000025d: ISZERO
0000025e: PUSH2 0x0271
00000261: JUMPI
00000262: DUP2
00000263: DUP2
00000264: ADD
00000265: MLOAD
00000266: DUP4
00000267: DUP3
00000268: ADD
00000269: MSTORE
0000026a: PUSH1 0x20
0000026c: ADD
0000026d: PUSH2 0x0259
00000270: JUMP
00000271: JUMPDEST
00000272: DUP4
00000273: DUP2
00000274: GT
00000275: ISZERO
00000276: PUSH2 0x0280
00000279: JUMPI
0000027a: PUSH1 0x00
0000027c: DUP5
0000027d: DUP5
0000027e: ADD
0000027f: MSTORE
00000280: JUMPDEST
00000281: POP
00000282: POP
00000283: POP
00000284: POP
00000285: JUMP
00000286: JUMPDEST
00000287: PUSH1 0x00
00000289: DUP3
0000028a: MLOAD
0000028b: PUSH2 0x0298
0000028e: DUP2
0000028f: DUP5
00000290: PUSH1 0x20
00000292: DUP8
00000293: ADD
00000294: PUSH2 0x0256
00000297: JUMP
00000298: JUMPDEST
00000299: SWAP2
0000029a: SWAP1
0000029b: SWAP2
0000029c: ADD
0000029d: SWAP3
0000029e: SWAP2
0000029f: POP
000002a0: POP
000002a1: JUMP
000002a2: JUMPDEST
000002a3: PUSH1 0x20
000002a5: DUP2
000002a6: MSTORE
000002a7: PUSH1 0x00
000002a9: DUP3
000002aa: MLOAD
000002ab: DUP1
000002ac: PUSH1 0x20
000002ae: DUP5
000002af: ADD
000002b0: MSTORE
000002b1: PUSH2 0x02c1
000002b4: DUP2
000002b5: PUSH1 0x40
000002b7: DUP6
000002b8: ADD
000002b9: PUSH1 0x20
000002bb: DUP8
000002bc: ADD
000002bd: PUSH2 0x0256
000002c0: JUMP
000002c1: JUMPDEST
000002c2: PUSH1 0x1f
000002c4: ADD
000002c5: PUSH1 0x1f
000002c7: NOT
000002c8: AND
000002c9: SWAP2
000002ca: SWAP1
000002cb: SWAP2
000002cc: ADD
000002cd: PUSH1 0x40
000002cf: ADD
000002d0: SWAP3
000002d1: SWAP2
000002d2: POP
000002d3: POP
000002d4: JUMP
000002d5: INVALID
000002d6: COINBASE
000002d7: PUSH5 0x6472657373
000002dd: GASPRICE
000002de: KECCAK256
000002df: PUSH13 0x6f772d6c6576656c2064656c65
000002ed: PUSH8 0x6174652063616c6c
000002f6: KECCAK256
000002f7: PUSH7 0x61696c6564a264
000002ff: PUSH10 0x70667358221220c2cf9c
0000030a: SWAP12
0000030b: DUP16
0000030c: PUSH11 0x17f82bdba0feafe6a89955
00000318: PUSH28

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
critical upgradeability detector Untrusted DELEGATECALL target reachable 70 no no
view
trace_id: 0x0905b98117c2ff952c6d61d284b652911d135f8ff547498746345418d5c1e929
call_targets: 0x126161afbcd8c8f18d16054f0143374a22421a60
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x0905b98117c2ff952c6d61d284b652911d135f8ff547498746345418d5c1e929",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x126161afbcd8c8f18d16054f0143374a22421a60"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x",
            "selector": "fallback",
            "calldata_variants": [
                "0x"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 261,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        },
        {
            "pc": 422,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [],
    "delegatecall_count": 2,
    "untrusted_delegatecall_count": 2
}