TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b477e-cff5-73a5-b802-fff837e53527

complete
Chain ID
1
Address
0x139cfd93dbaf2682b2ceae7aef2465470cfb9ee3
Block Number
Created
Mon, Dec 22, 2025 7:17 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Verified
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
27479 artifact.fetch complete 1 / 3 3 months ago
27480 tool.cast_disasm complete 1 / 3 3 months ago
92137 analysis.bundle complete 1 / 3 1 week ago
92138 capability.graph complete 1 / 3 1 week ago
92139 detector.run complete 1 / 3 1 week ago
92140 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: yes

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
1
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
0
EXT*/BALANCE
1
Total opcodes
219
Flags
delegatecall_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x0022
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH1 0xe0
00000012: SHR
00000013: DUP1
00000014: PUSH4 0x5c60da1b
00000019: EQ
0000001a: PUSH2 0x007d
0000001d: JUMPI
0000001e: PUSH2 0x0052
00000021: JUMP
00000022: JUMPDEST
00000023: CALLDATASIZE
00000024: PUSH2 0x0052
00000027: JUMPI
00000028: PUSH2 0x0050
0000002b: PUSH1 0x00
0000002d: DUP1
0000002e: SLOAD
0000002f: SWAP1
00000030: PUSH2 0x0100
00000033: EXP
00000034: SWAP1
00000035: DIV
00000036: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000004b: AND
0000004c: PUSH2 0x00a8
0000004f: JUMP
00000050: JUMPDEST
00000051: STOP
00000052: JUMPDEST
00000053: PUSH2 0x007b
00000056: PUSH1 0x00
00000058: DUP1
00000059: SLOAD
0000005a: SWAP1
0000005b: PUSH2 0x0100
0000005e: EXP
0000005f: SWAP1
00000060: DIV
00000061: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000076: AND
00000077: PUSH2 0x00a8
0000007a: JUMP
0000007b: JUMPDEST
0000007c: STOP
0000007d: JUMPDEST
0000007e: CALLVALUE
0000007f: DUP1
00000080: ISZERO
00000081: PUSH2 0x0089
00000084: JUMPI
00000085: PUSH1 0x00
00000087: DUP1
00000088: REVERT
00000089: JUMPDEST
0000008a: POP
0000008b: PUSH2 0x0092
0000008e: PUSH2 0x00ce
00000091: JUMP
00000092: JUMPDEST
00000093: PUSH1 0x40
00000095: MLOAD
00000096: PUSH2 0x009f
00000099: SWAP2
0000009a: SWAP1
0000009b: PUSH2 0x0133
0000009e: JUMP
0000009f: JUMPDEST
000000a0: PUSH1 0x40
000000a2: MLOAD
000000a3: DUP1
000000a4: SWAP2
000000a5: SUB
000000a6: SWAP1
000000a7: RETURN
000000a8: JUMPDEST
000000a9: CALLDATASIZE
000000aa: PUSH1 0x00
000000ac: DUP1
000000ad: CALLDATACOPY
000000ae: PUSH1 0x00
000000b0: DUP1
000000b1: CALLDATASIZE
000000b2: PUSH1 0x00
000000b4: DUP5
000000b5: GAS
000000b6: DELEGATECALL
000000b7: RETURNDATASIZE
000000b8: PUSH1 0x00
000000ba: DUP1
000000bb: RETURNDATACOPY
000000bc: DUP1
000000bd: PUSH1 0x00
000000bf: DUP2
000000c0: EQ
000000c1: PUSH2 0x00c9
000000c4: JUMPI
000000c5: RETURNDATASIZE
000000c6: PUSH1 0x00
000000c8: RETURN
000000c9: JUMPDEST
000000ca: RETURNDATASIZE
000000cb: PUSH1 0x00
000000cd: REVERT
000000ce: JUMPDEST
000000cf: PUSH1 0x00
000000d1: DUP1
000000d2: SLOAD
000000d3: SWAP1
000000d4: PUSH2 0x0100
000000d7: EXP
000000d8: SWAP1
000000d9: DIV
000000da: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000ef: AND
000000f0: DUP2
000000f1: JUMP
000000f2: JUMPDEST
000000f3: PUSH1 0x00
000000f5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000010a: DUP3
0000010b: AND
0000010c: SWAP1
0000010d: POP
0000010e: SWAP2
0000010f: SWAP1
00000110: POP
00000111: JUMP
00000112: JUMPDEST
00000113: PUSH1 0x00
00000115: PUSH2 0x011d
00000118: DUP3
00000119: PUSH2 0x00f2
0000011c: JUMP
0000011d: JUMPDEST
0000011e: SWAP1
0000011f: POP
00000120: SWAP2
00000121: SWAP1
00000122: POP
00000123: JUMP
00000124: JUMPDEST
00000125: PUSH2 0x012d
00000128: DUP2
00000129: PUSH2 0x0112
0000012c: JUMP
0000012d: JUMPDEST
0000012e: DUP3
0000012f: MSTORE
00000130: POP
00000131: POP
00000132: JUMP
00000133: JUMPDEST
00000134: PUSH1 0x00
00000136: PUSH1 0x20
00000138: DUP3
00000139: ADD
0000013a: SWAP1
0000013b: POP
0000013c: PUSH2 0x0148
0000013f: PUSH1 0x00
00000141: DUP4
00000142: ADD
00000143: DUP5
00000144: PUSH2 0x0124
00000147: JUMP
00000148: JUMPDEST
00000149: SWAP3
0000014a: SWAP2
0000014b: POP
0000014c: POP
0000014d: JUMP
0000014e: INVALID
0000014f: LOG2
00000150: PUSH5 0x6970667358
00000156: UNKNOWN(0x22)
00000157: SLT
00000158: KECCAK256
00000159: SWAP14
0000015a: UNKNOWN(0xDD)
0000015b: CODESIZE
0000015c: UNKNOWN(0xBA)
0000015d: UNKNOWN(0x0D)
0000015e: OR
0000015f: SWAP1
00000160: UNKNOWN(0xDE)
00000161: EXTCODEHASH
00000162: PUSH2 0xb132
00000165: TIMESTAMP
00000166: COINBASE
00000167: UNKNOWN(0x4D)
00000168: EXP
00000169: UNKNOWN(0x21)
0000016a: SWAP15
0000016b: UNKNOWN(0xEB)
0000016c: OR
0000016d: NUMBER
0000016e: UNKNOWN(0xA9)
0000016f: UNKNOWN(0xF9)
00000170: UNKNOWN(0xD0)
00000171: UNKNOWN(0x28)
00000172: PUSH4 0x6e2b2243
00000177: UNKNOWN(0x26)
00000178: CALLDATALOAD
00000179: PUSH5 0x736f6c6343
0000017f: STOP
00000180: ADDMOD
00000181: GT
00000182: STOP
00000183: CALLER

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
critical upgradeability detector Untrusted DELEGATECALL target reachable 70 no no
view
trace_id: 0x6cd8ee4f088cc8984f36e79a6b0b3ecd4717115e585944ad88f74388f217ab9e
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "unknown",
    "attempts": 12,
    "trace_id": "0x6cd8ee4f088cc8984f36e79a6b0b3ecd4717115e585944ad88f74388f217ab9e",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x5c60da1b",
            "selector": "0x5c60da1b",
            "calldata_variants": [
                "0x5c60da1b",
                "0x5c60da1b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 182,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [],
    "delegatecall_count": 1,
    "untrusted_delegatecall_count": 1
}