Analysis Run

019b477e-cfe2-72e6-8c7e-16448a8b7075

complete

Chain ID

1

Address

0xcda5b0e64d1ae306c632d8bed5abc6de9a77b62a

Block Number

—

Created

Mon, Dec 22, 2025 7:17 PM

Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract

Confirmed

0

Validated

0

Source

Verified

Review Backing

Not yet

Best current signal

Untrusted DELEGATECALL target reachable

crit 0 high 0 direct contract

Review Checklist

1. Read the findings table first. Ignore raw jobs until the result looks real.

2. Confirm attacker control, not just the existence of a sink.

3. Confirm money or privilege impact.

4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts

ID	Type	Status	Attempts	Heartbeat
27465	artifact.fetch	complete	1 / 3	3 months ago
27466	tool.cast_disasm	complete	1 / 3	3 months ago
92109	analysis.bundle	complete	1 / 3	1 week ago
92110	capability.graph	complete	1 / 3	1 week ago
92111	detector.run	complete	1 / 3	1 week ago
92112	validation.fork	complete	1 / 3	1 week ago

Artifact

Runtime bytecode: available

Creation TX: —

Deployer: —

Proxy: no

Implementation:

—

Verified Source: yes

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm

Delegatecall

2

Selfdestruct

0

CREATE2

1

CALL-family (heavy)

1

EXT*/BALANCE

1

Total opcodes

644

Flags

delegatecall_present create_opcodes_present

View cast disassembly output

00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: PUSH2 0x0013
00000009: JUMPI
0000000a: PUSH2 0x0011
0000000d: PUSH2 0x001d
00000010: JUMP
00000011: JUMPDEST
00000012: STOP
00000013: JUMPDEST
00000014: PUSH2 0x001b
00000017: PUSH2 0x001d
0000001a: JUMP
0000001b: JUMPDEST
0000001c: STOP
0000001d: JUMPDEST
0000001e: PUSH2 0x0025
00000021: PUSH2 0x0091
00000024: JUMP
00000025: JUMPDEST
00000026: PUSH2 0x0035
00000029: PUSH2 0x0030
0000002c: PUSH2 0x0093
0000002f: JUMP
00000030: JUMPDEST
00000031: PUSH2 0x00a2
00000034: JUMP
00000035: JUMPDEST
00000036: JUMP
00000037: JUMPDEST
00000038: PUSH1 0x60
0000003a: PUSH2 0x005c
0000003d: DUP4
0000003e: DUP4
0000003f: PUSH1 0x40
00000041: MLOAD
00000042: DUP1
00000043: PUSH1 0x60
00000045: ADD
00000046: PUSH1 0x40
00000048: MSTORE
00000049: DUP1
0000004a: PUSH1 0x27
0000004c: DUP2
0000004d: MSTORE
0000004e: PUSH1 0x20
00000050: ADD
00000051: PUSH2 0x03f1
00000054: PUSH1 0x27
00000056: SWAP2
00000057: CODECOPY
00000058: PUSH2 0x00c8
0000005b: JUMP
0000005c: JUMPDEST
0000005d: SWAP1
0000005e: POP
0000005f: SWAP3
00000060: SWAP2
00000061: POP
00000062: POP
00000063: JUMP
00000064: JUMPDEST
00000065: PUSH1 0x00
00000067: DUP1
00000068: DUP3
00000069: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000007e: AND
0000007f: EXTCODESIZE
00000080: GT
00000081: SWAP1
00000082: POP
00000083: SWAP2
00000084: SWAP1
00000085: POP
00000086: JUMP
00000087: JUMPDEST
00000088: PUSH1 0x00
0000008a: DUP2
0000008b: SWAP1
0000008c: POP
0000008d: SWAP2
0000008e: SWAP1
0000008f: POP
00000090: JUMP
00000091: JUMPDEST
00000092: JUMP
00000093: JUMPDEST
00000094: PUSH1 0x00
00000096: PUSH2 0x009d
00000099: PUSH2 0x014e
0000009c: JUMP
0000009d: JUMPDEST
0000009e: SWAP1
0000009f: POP
000000a0: SWAP1
000000a1: JUMP
000000a2: JUMPDEST
000000a3: CALLDATASIZE
000000a4: PUSH1 0x00
000000a6: DUP1
000000a7: CALLDATACOPY
000000a8: PUSH1 0x00
000000aa: DUP1
000000ab: CALLDATASIZE
000000ac: PUSH1 0x00
000000ae: DUP5
000000af: GAS
000000b0: DELEGATECALL
000000b1: RETURNDATASIZE
000000b2: PUSH1 0x00
000000b4: DUP1
000000b5: RETURNDATACOPY
000000b6: DUP1
000000b7: PUSH1 0x00
000000b9: DUP2
000000ba: EQ
000000bb: PUSH2 0x00c3
000000be: JUMPI
000000bf: RETURNDATASIZE
000000c0: PUSH1 0x00
000000c2: RETURN
000000c3: JUMPDEST
000000c4: RETURNDATASIZE
000000c5: PUSH1 0x00
000000c7: REVERT
000000c8: JUMPDEST
000000c9: PUSH1 0x60
000000cb: PUSH1 0x00
000000cd: DUP1
000000ce: DUP6
000000cf: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000e4: AND
000000e5: DUP6
000000e6: PUSH1 0x40
000000e8: MLOAD
000000e9: PUSH2 0x00f2
000000ec: SWAP2
000000ed: SWAP1
000000ee: PUSH2 0x02f8
000000f1: JUMP
000000f2: JUMPDEST
000000f3: PUSH1 0x00
000000f5: PUSH1 0x40
000000f7: MLOAD
000000f8: DUP1
000000f9: DUP4
000000fa: SUB
000000fb: DUP2
000000fc: DUP6
000000fd: GAS
000000fe: DELEGATECALL
000000ff: SWAP2
00000100: POP
00000101: POP
00000102: RETURNDATASIZE
00000103: DUP1
00000104: PUSH1 0x00
00000106: DUP2
00000107: EQ
00000108: PUSH2 0x012d
0000010b: JUMPI
0000010c: PUSH1 0x40
0000010e: MLOAD
0000010f: SWAP2
00000110: POP
00000111: PUSH1 0x1f
00000113: NOT
00000114: PUSH1 0x3f
00000116: RETURNDATASIZE
00000117: ADD
00000118: AND
00000119: DUP3
0000011a: ADD
0000011b: PUSH1 0x40
0000011d: MSTORE
0000011e: RETURNDATASIZE
0000011f: DUP3
00000120: MSTORE
00000121: RETURNDATASIZE
00000122: PUSH1 0x00
00000124: PUSH1 0x20
00000126: DUP5
00000127: ADD
00000128: RETURNDATACOPY
00000129: PUSH2 0x0132
0000012c: JUMP
0000012d: JUMPDEST
0000012e: PUSH1 0x60
00000130: SWAP2
00000131: POP
00000132: JUMPDEST
00000133: POP
00000134: SWAP2
00000135: POP
00000136: SWAP2
00000137: POP
00000138: PUSH2 0x0143
0000013b: DUP7
0000013c: DUP4
0000013d: DUP4
0000013e: DUP8
0000013f: PUSH2 0x01a5
00000142: JUMP
00000143: JUMPDEST
00000144: SWAP3
00000145: POP
00000146: POP
00000147: POP
00000148: SWAP4
00000149: SWAP3
0000014a: POP
0000014b: POP
0000014c: POP
0000014d: JUMP
0000014e: JUMPDEST
0000014f: PUSH1 0x00
00000151: PUSH2 0x017c
00000154: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
00000175: PUSH1 0x00
00000177: SHL
00000178: PUSH2 0x0087
0000017b: JUMP
0000017c: JUMPDEST
0000017d: PUSH1 0x00
0000017f: ADD
00000180: PUSH1 0x00
00000182: SWAP1
00000183: SLOAD
00000184: SWAP1
00000185: PUSH2 0x0100
00000188: EXP
00000189: SWAP1
0000018a: DIV
0000018b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001a0: AND
000001a1: SWAP1
000001a2: POP
000001a3: SWAP1
000001a4: JUMP
000001a5: JUMPDEST
000001a6: PUSH1 0x60
000001a8: DUP4
000001a9: ISZERO
000001aa: PUSH2 0x0208
000001ad: JUMPI
000001ae: PUSH1 0x00
000001b0: DUP4
000001b1: MLOAD
000001b2: EQ
000001b3: ISZERO
000001b4: PUSH2 0x0200
000001b7: JUMPI
000001b8: PUSH2 0x01c0
000001bb: DUP6
000001bc: PUSH2 0x0064
000001bf: JUMP
000001c0: JUMPDEST
000001c1: PUSH2 0x01ff
000001c4: JUMPI
000001c5: PUSH1 0x40
000001c7: MLOAD
000001c8: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
000001e9: DUP2
000001ea: MSTORE
000001eb: PUSH1 0x04
000001ed: ADD
000001ee: PUSH2 0x01f6
000001f1: SWAP1
000001f2: PUSH2 0x0331
000001f5: JUMP
000001f6: JUMPDEST
000001f7: PUSH1 0x40
000001f9: MLOAD
000001fa: DUP1
000001fb: SWAP2
000001fc: SUB
000001fd: SWAP1
000001fe: REVERT
000001ff: JUMPDEST
00000200: JUMPDEST
00000201: DUP3
00000202: SWAP1
00000203: POP
00000204: PUSH2 0x0213
00000207: JUMP
00000208: JUMPDEST
00000209: PUSH2 0x0212
0000020c: DUP4
0000020d: DUP4
0000020e: PUSH2 0x021b
00000211: JUMP
00000212: JUMPDEST
00000213: JUMPDEST
00000214: SWAP5
00000215: SWAP4
00000216: POP
00000217: POP
00000218: POP
00000219: POP
0000021a: JUMP
0000021b: JUMPDEST
0000021c: PUSH1 0x00
0000021e: DUP3
0000021f: MLOAD
00000220: GT
00000221: ISZERO
00000222: PUSH2 0x022e
00000225: JUMPI
00000226: DUP2
00000227: MLOAD
00000228: DUP1
00000229: DUP4
0000022a: PUSH1 0x20
0000022c: ADD
0000022d: REVERT
0000022e: JUMPDEST
0000022f: DUP1
00000230: PUSH1 0x40
00000232: MLOAD
00000233: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
00000254: DUP2
00000255: MSTORE
00000256: PUSH1 0x04
00000258: ADD
00000259: PUSH2 0x0262
0000025c: SWAP2
0000025d: SWAP1
0000025e: PUSH2 0x030f
00000261: JUMP
00000262: JUMPDEST
00000263: PUSH1 0x40
00000265: MLOAD
00000266: DUP1
00000267: SWAP2
00000268: SUB
00000269: SWAP1
0000026a: REVERT
0000026b: JUMPDEST
0000026c: PUSH1 0x00
0000026e: PUSH2 0x0276
00000271: DUP3
00000272: PUSH2 0x0351
00000275: JUMP
00000276: JUMPDEST
00000277: PUSH2 0x0280
0000027a: DUP2
0000027b: DUP6
0000027c: PUSH2 0x0367
0000027f: JUMP
00000280: JUMPDEST
00000281: SWAP4
00000282: POP
00000283: PUSH2 0x0290
00000286: DUP2
00000287: DUP6
00000288: PUSH1 0x20
0000028a: DUP7
0000028b: ADD
0000028c: PUSH2 0x0383
0000028f: JUMP
00000290: JUMPDEST
00000291: DUP1
00000292: DUP5
00000293: ADD
00000294: SWAP2
00000295: POP
00000296: POP
00000297: SWAP3
00000298: SWAP2
00000299: POP
0000029a: POP
0000029b: JUMP
0000029c: JUMPDEST
0000029d: PUSH1 0x00
0000029f: PUSH2 0x02a7
000002a2: DUP3
000002a3: PUSH2 0x035c
000002a6: JUMP
000002a7: JUMPDEST
000002a8: PUSH2 0x02b1
000002ab: DUP2
000002ac: DUP6
000002ad: PUSH2 0x0372
000002b0: JUMP
000002b1: JUMPDEST
000002b2: SWAP4
000002b3: POP
000002b4: PUSH2 0x02c1
000002b7: DUP2
000002b8: DUP6
000002b9: PUSH1 0x20
000002bb: DUP7
000002bc: ADD
000002bd: PUSH2 0x0383
000002c0: JUMP
000002c1: JUMPDEST
000002c2: PUSH2 0x02ca
000002c5: DUP2
000002c6: PUSH2 0x03b6
000002c9: JUMP
000002ca: JUMPDEST
000002cb: DUP5
000002cc: ADD
000002cd: SWAP2
000002ce: POP
000002cf: POP
000002d0: SWAP3
000002d1: SWAP2
000002d2: POP
000002d3: POP
000002d4: JUMP
000002d5: JUMPDEST
000002d6: PUSH1 0x00
000002d8: PUSH2 0x02e2
000002db: PUSH1 0x1d
000002dd: DUP4
000002de: PUSH2 0x0372
000002e1: JUMP
000002e2: JUMPDEST
000002e3: SWAP2
000002e4: POP
000002e5: PUSH2 0x02ed
000002e8: DUP3
000002e9: PUSH2 0x03c7
000002ec: JUMP
000002ed: JUMPDEST
000002ee: PUSH1 0x20
000002f0: DUP3
000002f1: ADD
000002f2: SWAP1
000002f3: POP
000002f4: SWAP2
000002f5: SWAP1
000002f6: POP
000002f7: JUMP
000002f8: JUMPDEST
000002f9: PUSH1 0x00
000002fb: PUSH2 0x0304
000002fe: DUP3
000002ff: DUP5
00000300: PUSH2 0x026b
00000303: JUMP
00000304: JUMPDEST
00000305: SWAP2
00000306: POP
00000307: DUP2
00000308: SWAP1
00000309: POP
0000030a: SWAP3
0000030b: SWAP2
0000030c: POP
0000030d: POP
0000030e: JUMP
0000030f: JUMPDEST
00000310: PUSH1 0x00
00000312: PUSH1 0x20
00000314: DUP3
00000315: ADD
00000316: SWAP1
00000317: POP
00000318: DUP2
00000319: DUP2
0000031a: SUB
0000031b: PUSH1 0x00
0000031d: DUP4
0000031e: ADD
0000031f: MSTORE
00000320: PUSH2 0x0329
00000323: DUP2
00000324: DUP5
00000325: PUSH2 0x029c
00000328: JUMP
00000329: JUMPDEST
0000032a: SWAP1
0000032b: POP
0000032c: SWAP3
0000032d: SWAP2
0000032e: POP
0000032f: POP
00000330: JUMP
00000331: JUMPDEST
00000332: PUSH1 0x00
00000334: PUSH1 0x20
00000336: DUP3
00000337: ADD
00000338: SWAP1
00000339: POP
0000033a: DUP2
0000033b: DUP2
0000033c: SUB
0000033d: PUSH1 0x00
0000033f: DUP4
00000340: ADD
00000341: MSTORE
00000342: PUSH2 0x034a
00000345: DUP2
00000346: PUSH2 0x02d5
00000349: JUMP
0000034a: JUMPDEST
0000034b: SWAP1
0000034c: POP
0000034d: SWAP2
0000034e: SWAP1
0000034f: POP
00000350: JUMP
00000351: JUMPDEST
00000352: PUSH1 0x00
00000354: DUP2
00000355: MLOAD
00000356: SWAP1
00000357: POP
00000358: SWAP2
00000359: SWAP1
0000035a: POP
0000035b: JUMP
0000035c: JUMPDEST
0000035d: PUSH1 0x00
0000035f: DUP2
00000360: MLOAD
00000361: SWAP1
00000362: POP
00000363: SWAP2
00000364: SWAP1
00000365: POP
00000366: JUMP
00000367: JUMPDEST
00000368: PUSH1 0x00
0000036a: DUP2
0000036b: SWAP1
0000036c: POP
0000036d: SWAP3
0000036e: SWAP2
0000036f: POP
00000370: POP
00000371: JUMP
00000372: JUMPDEST
00000373: PUSH1 0x00
00000375: DUP3
00000376: DUP3
00000377: MSTORE
00000378: PUSH1 0x20
0000037a: DUP3
0000037b: ADD
0000037c: SWAP1
0000037d: POP
0000037e: SWAP3
0000037f: SWAP2
00000380: POP
00000381: POP
00000382: JUMP
00000383: JUMPDEST
00000384: PUSH1 0x00
00000386: JUMPDEST
00000387: DUP4
00000388: DUP2
00000389: LT
0000038a: ISZERO
0000038b: PUSH2 0x03a1
0000038e: JUMPI
0000038f: DUP1
00000390: DUP3
00000391: ADD
00000392: MLOAD
00000393: DUP2
00000394: DUP5
00000395: ADD
00000396: MSTORE
00000397: PUSH1 0x20
00000399: DUP2
0000039a: ADD
0000039b: SWAP1
0000039c: POP
0000039d: PUSH2 0x0386
000003a0: JUMP
000003a1: JUMPDEST
000003a2: DUP4
000003a3: DUP2
000003a4: GT
000003a5: ISZERO
000003a6: PUSH2 0x03b0
000003a9: JUMPI
000003aa: PUSH1 0x00
000003ac: DUP5
000003ad: DUP5
000003ae: ADD
000003af: MSTORE
000003b0: JUMPDEST
000003b1: POP
000003b2: POP
000003b3: POP
000003b4: POP
000003b5: JUMP
000003b6: JUMPDEST
000003b7: PUSH1 0x00
000003b9: PUSH1 0x1f
000003bb: NOT
000003bc: PUSH1 0x1f
000003be: DUP4
000003bf: ADD
000003c0: AND
000003c1: SWAP1
000003c2: POP
000003c3: SWAP2
000003c4: SWAP1
000003c5: POP
000003c6: JUMP
000003c7: JUMPDEST
000003c8: PUSH32 0x416464726573733a2063616c6c20746f206e6f6e2d636f6e7472616374000000
000003e9: PUSH1 0x00
000003eb: DUP3
000003ec: ADD
000003ed: MSTORE
000003ee: POP
000003ef: JUMP
000003f0: INVALID
000003f1: COINBASE
000003f2: PUSH5 0x6472657373
000003f8: GASPRICE
000003f9: KECCAK256
000003fa: PUSH13 0x6f772d6c6576656c2064656c65
00000408: PUSH8 0x6174652063616c6c
00000411: KECCAK256
00000412: PUSH7 0x61696c6564a264
0000041a: PUSH10 0x7066735822122055b27d
00000425: UNKNOWN(0x4C)
00000426: CODECOPY
00000427: UNKNOWN(0xAB)
00000428: DUP3
00000429: UNKNOWN(0xB8)
0000042a: DUP10
0000042b: UNKNOWN(0x0F)
0000042c: UNKNOWN(0xC1)
0000042d: JUMP
0000042e: TLOAD
0000042f: CODESIZE
00000430: PC
00000431: LOG1
00000432: UNKNOWN(0xB7)
00000433: CALL
00000434: UNKNOWN(0xE0)
00000435: CREATE2
00000436: PUSH25

Findings

validated = confirmed for call sinks; sink observed for others

Severity	Category	Tool	Title	Confidence	Validated	Confirmed	Details
critical	upgradeability	detector	Untrusted DELEGATECALL target reachable	70	no	no	view trace_id: 0xaee7b1cd90124a87b0464fa191893d30a21fb243a224d277a7e7e14e4ec7e860 call_targets: 0x40d6903f14009deabd9b917d77d8ce23297225e5 target_varies: no classification: constant_target validation_json { "sink": "DELEGATECALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0xaee7b1cd90124a87b0464fa191893d30a21fb243a224d277a7e7e14e4ec7e860", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0x40d6903f14009deabd9b917d77d8ce23297225e5" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x", "selector": "fallback", "calldata_variants": [ "0x" ] } ] } evidence_json { "examples": [ { "pc": 176, "opcode": "DELEGATECALL", "returndata_checked": null, "value_expression_category": "n/a", "target_expression_category": "computed" }, { "pc": 254, "opcode": "DELEGATECALL", "returndata_checked": null, "value_expression_category": "n/a", "target_expression_category": "computed" } ], "guards_detected": [], "delegatecall_count": 2, "untrusted_delegatecall_count": 2 }
high	other	detector	Untrusted CALL target/value reachable	60	no	no	view trace_id: 0xaee7b1cd90124a87b0464fa191893d30a21fb243a224d277a7e7e14e4ec7e860 call_targets: 0xcda5b0e64d1ae306c632d8bed5abc6de9a77b62a target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0xaee7b1cd90124a87b0464fa191893d30a21fb243a224d277a7e7e14e4ec7e860", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0xcda5b0e64d1ae306c632d8bed5abc6de9a77b62a" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x", "selector": "fallback", "calldata_variants": [ "0x" ] } ] } evidence_json { "examples": [ { "pc": 1075, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "call_count": 1, "guards_detected": [], "untrusted_call_count": 1 }
high	other	detector	ETH value transfer possible	55	no	no	view trace_id: 0xaee7b1cd90124a87b0464fa191893d30a21fb243a224d277a7e7e14e4ec7e860 call_targets: 0xcda5b0e64d1ae306c632d8bed5abc6de9a77b62a target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0xaee7b1cd90124a87b0464fa191893d30a21fb243a224d277a7e7e14e4ec7e860", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0xcda5b0e64d1ae306c632d8bed5abc6de9a77b62a" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x", "selector": "fallback", "calldata_variants": [ "0x" ] } ] } evidence_json { "examples": [ { "pc": 1075, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "eth_value_calls": 1, "guards_detected": [] }
medium	other	detector	CREATE/CREATE2 reachable	45	no	no	view trace_id: 0xebf92390120ae29917f91e592c54897b7f9abf4732bb0edc4dcb35a92d5f8e4c validation_json { "sink": "CREATE", "errors": 0, "status": "unknown", "attempts": 1, "trace_id": "0xebf92390120ae29917f91e592c54897b7f9abf4732bb0edc4dcb35a92d5f8e4c", "confirmed": false, "trace_mode": "structLogs", "call_targets": null, "matched_probe": null, "target_varies": null, "classification": "no_sink" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x", "selector": "fallback", "calldata_variants": [ "0x" ] } ] } evidence_json { "create_count": 0, "create2_count": 1 }