TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b477e-d0ef-71aa-9aef-64a0893b2b5a

complete
Chain ID
1
Address
0xa66da13b5e3f38cd1eaf40dfc9359b498a806055
Block Number
Created
Mon, Dec 22, 2025 7:17 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Verified
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
27669 artifact.fetch complete 1 / 3 3 months ago
27670 tool.cast_disasm complete 1 / 3 3 months ago
92257 analysis.bundle complete 1 / 3 1 week ago
92258 capability.graph complete 1 / 3 1 week ago
92259 detector.run complete 1 / 3 1 week ago
92260 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: yes

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
2
Selfdestruct
0
CREATE2
1
CALL-family (heavy)
3
EXT*/BALANCE
0
Total opcodes
171
Flags
delegatecall_present create_opcodes_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: PUSH2 0x000b
00000009: JUMPI
0000000a: STOP
0000000b: JUMPDEST
0000000c: PUSH1 0x00
0000000e: PUSH32 0xbec77a503c47907b093281e779d211f6b514083b5f8064a268e3b9dcae86aa87
0000002f: SLOAD
00000030: PUSH1 0x40
00000032: MLOAD
00000033: PUSH32 0xc2c9581400000000000000000000000000000000000000000000000000000000
00000054: DUP2
00000055: MSTORE
00000056: PUSH1 0x00
00000058: DUP1
00000059: CALLDATALOAD
0000005a: PUSH32 0xffffffff00000000000000000000000000000000000000000000000000000000
0000007b: AND
0000007c: PUSH1 0x04
0000007e: DUP4
0000007f: ADD
00000080: MSTORE
00000081: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000096: SWAP1
00000097: SWAP3
00000098: AND
00000099: SWAP3
0000009a: POP
0000009b: DUP3
0000009c: SWAP1
0000009d: PUSH4 0xc2c95814
000000a2: SWAP1
000000a3: PUSH1 0x24
000000a5: ADD
000000a6: PUSH1 0x20
000000a8: PUSH1 0x40
000000aa: MLOAD
000000ab: DUP1
000000ac: DUP4
000000ad: SUB
000000ae: DUP2
000000af: DUP7
000000b0: GAS
000000b1: STATICCALL
000000b2: ISZERO
000000b3: DUP1
000000b4: ISZERO
000000b5: PUSH2 0x00c2
000000b8: JUMPI
000000b9: RETURNDATASIZE
000000ba: PUSH1 0x00
000000bc: DUP1
000000bd: RETURNDATACOPY
000000be: RETURNDATASIZE
000000bf: PUSH1 0x00
000000c1: REVERT
000000c2: JUMPDEST
000000c3: POP
000000c4: POP
000000c5: POP
000000c6: POP
000000c7: PUSH1 0x40
000000c9: MLOAD
000000ca: RETURNDATASIZE
000000cb: PUSH1 0x1f
000000cd: NOT
000000ce: PUSH1 0x1f
000000d0: DUP3
000000d1: ADD
000000d2: AND
000000d3: DUP3
000000d4: ADD
000000d5: DUP1
000000d6: PUSH1 0x40
000000d8: MSTORE
000000d9: POP
000000da: DUP2
000000db: ADD
000000dc: SWAP1
000000dd: PUSH2 0x00e6
000000e0: SWAP2
000000e1: SWAP1
000000e2: PUSH2 0x010f
000000e5: JUMP
000000e6: JUMPDEST
000000e7: SWAP1
000000e8: POP
000000e9: CALLDATASIZE
000000ea: PUSH1 0x00
000000ec: DUP1
000000ed: CALLDATACOPY
000000ee: PUSH1 0x00
000000f0: DUP1
000000f1: CALLDATASIZE
000000f2: PUSH1 0x00
000000f4: DUP5
000000f5: GAS
000000f6: DELEGATECALL
000000f7: RETURNDATASIZE
000000f8: PUSH1 0x00
000000fa: DUP1
000000fb: RETURNDATACOPY
000000fc: DUP1
000000fd: DUP1
000000fe: ISZERO
000000ff: PUSH2 0x0107
00000102: JUMPI
00000103: RETURNDATASIZE
00000104: PUSH1 0x00
00000106: RETURN
00000107: JUMPDEST
00000108: RETURNDATASIZE
00000109: PUSH1 0x00
0000010b: REVERT
0000010c: JUMPDEST
0000010d: SWAP1
0000010e: JUMP
0000010f: JUMPDEST
00000110: PUSH1 0x00
00000112: PUSH1 0x20
00000114: DUP3
00000115: DUP5
00000116: SUB
00000117: SLT
00000118: ISZERO
00000119: PUSH2 0x0121
0000011c: JUMPI
0000011d: PUSH1 0x00
0000011f: DUP1
00000120: REVERT
00000121: JUMPDEST
00000122: DUP2
00000123: MLOAD
00000124: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000139: DUP2
0000013a: AND
0000013b: DUP2
0000013c: EQ
0000013d: PUSH2 0x0145
00000140: JUMPI
00000141: PUSH1 0x00
00000143: DUP1
00000144: REVERT
00000145: JUMPDEST
00000146: SWAP4
00000147: SWAP3
00000148: POP
00000149: POP
0000014a: POP
0000014b: JUMP
0000014c: INVALID
0000014d: LOG2
0000014e: PUSH5 0x6970667358
00000154: UNKNOWN(0x22)
00000155: SLT
00000156: KECCAK256
00000157: CALL
00000158: UNKNOWN(0xB1)
00000159: DUP15
0000015a: STATICCALL
0000015b: DELEGATECALL
0000015c: UNKNOWN(0xDA)
0000015d: UNKNOWN(0xE4)
0000015e: CREATE2
0000015f: UNKNOWN(0x0C)
00000160: UNKNOWN(0xC9)
00000161: PUSH31 0xd2fc73a9a574202ea8d48438f49d988c500b8d593664736f6c634300081200
00000181: CALLER

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
critical upgradeability detector Untrusted DELEGATECALL target reachable 70 no no
view
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 10,
    "status": "unknown",
    "attempts": 11,
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x",
            "selector": "fallback",
            "calldata_variants": [
                "0x"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 246,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        },
        {
            "pc": 347,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [],
    "delegatecall_count": 2,
    "untrusted_delegatecall_count": 2
}
high other detector Untrusted CALL target/value reachable 60 no no
view
trace_id: 0x55930a91fdd088b001374a511e9aa06df37f9040bd20ab06f0282e7d147be25d
call_targets: 0xa66da13b5e3f38cd1eaf40dfc9359b498a806055
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x55930a91fdd088b001374a511e9aa06df37f9040bd20ab06f0282e7d147be25d",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xa66da13b5e3f38cd1eaf40dfc9359b498a806055"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x",
            "selector": "fallback",
            "calldata_variants": [
                "0x"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 343,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 1,
    "guards_detected": [],
    "untrusted_call_count": 1
}
high other detector ETH value transfer possible 55 no no
view
trace_id: 0x55930a91fdd088b001374a511e9aa06df37f9040bd20ab06f0282e7d147be25d
call_targets: 0xa66da13b5e3f38cd1eaf40dfc9359b498a806055
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x55930a91fdd088b001374a511e9aa06df37f9040bd20ab06f0282e7d147be25d",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xa66da13b5e3f38cd1eaf40dfc9359b498a806055"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x",
            "selector": "fallback",
            "calldata_variants": [
                "0x"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 343,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 1,
    "guards_detected": []
}
medium other detector CREATE/CREATE2 reachable 45 no no
view
trace_id: 0x45ae806697c2291abec83754a69575cdff3d37711e8068fcb11f419107ba825b
validation_json 
{
    "sink": "CREATE",
    "errors": 0,
    "status": "unknown",
    "attempts": 1,
    "trace_id": "0x45ae806697c2291abec83754a69575cdff3d37711e8068fcb11f419107ba825b",
    "confirmed": false,
    "trace_mode": "structLogs",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x",
            "selector": "fallback",
            "calldata_variants": [
                "0x"
            ]
        }
    ]
}
evidence_json 
{
    "create_count": 0,
    "create2_count": 1
}