TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b477e-d2d6-70fa-96a3-093b2a386cfd

complete
Chain ID
1
Address
0x815448c90babda0298836ecc1ff5889b7932d6eb
Block Number
Created
Mon, Dec 22, 2025 7:17 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Verified
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
28029 artifact.fetch complete 1 / 3 3 months ago
28030 tool.cast_disasm complete 1 / 3 3 months ago
103001 analysis.bundle complete 1 / 3 1 week ago
103002 capability.graph complete 1 / 3 1 week ago
103003 detector.run complete 1 / 3 1 week ago
103004 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: yes

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
1
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
1
EXT*/BALANCE
1
Total opcodes
515
Flags
delegatecall_present create_opcodes_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x0043
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH1 0xe0
00000012: SHR
00000013: DUP1
00000014: PUSH4 0x3659cfe6
00000019: EQ
0000001a: PUSH2 0x005a
0000001d: JUMPI
0000001e: DUP1
0000001f: PUSH4 0x5c60da1b
00000024: EQ
00000025: PUSH2 0x007a
00000028: JUMPI
00000029: DUP1
0000002a: PUSH4 0x8f283970
0000002f: EQ
00000030: PUSH2 0x00ab
00000033: JUMPI
00000034: DUP1
00000035: PUSH4 0xf851a440
0000003a: EQ
0000003b: PUSH2 0x00cb
0000003e: JUMPI
0000003f: PUSH2 0x0052
00000042: JUMP
00000043: JUMPDEST
00000044: CALLDATASIZE
00000045: PUSH2 0x0052
00000048: JUMPI
00000049: PUSH2 0x0050
0000004c: PUSH2 0x00e0
0000004f: JUMP
00000050: JUMPDEST
00000051: STOP
00000052: JUMPDEST
00000053: PUSH2 0x0050
00000056: PUSH2 0x00e0
00000059: JUMP
0000005a: JUMPDEST
0000005b: CALLVALUE
0000005c: DUP1
0000005d: ISZERO
0000005e: PUSH2 0x0066
00000061: JUMPI
00000062: PUSH1 0x00
00000064: DUP1
00000065: REVERT
00000066: JUMPDEST
00000067: POP
00000068: PUSH2 0x0050
0000006b: PUSH2 0x0075
0000006e: CALLDATASIZE
0000006f: PUSH1 0x04
00000071: PUSH2 0x034d
00000074: JUMP
00000075: JUMPDEST
00000076: PUSH2 0x00f2
00000079: JUMP
0000007a: JUMPDEST
0000007b: CALLVALUE
0000007c: DUP1
0000007d: ISZERO
0000007e: PUSH2 0x0086
00000081: JUMPI
00000082: PUSH1 0x00
00000084: DUP1
00000085: REVERT
00000086: JUMPDEST
00000087: POP
00000088: PUSH2 0x008f
0000008b: PUSH2 0x011d
0000008e: JUMP
0000008f: JUMPDEST
00000090: PUSH1 0x40
00000092: MLOAD
00000093: PUSH1 0x01
00000095: PUSH1 0x01
00000097: PUSH1 0xa0
00000099: SHL
0000009a: SUB
0000009b: SWAP1
0000009c: SWAP2
0000009d: AND
0000009e: DUP2
0000009f: MSTORE
000000a0: PUSH1 0x20
000000a2: ADD
000000a3: PUSH1 0x40
000000a5: MLOAD
000000a6: DUP1
000000a7: SWAP2
000000a8: SUB
000000a9: SWAP1
000000aa: RETURN
000000ab: JUMPDEST
000000ac: CALLVALUE
000000ad: DUP1
000000ae: ISZERO
000000af: PUSH2 0x00b7
000000b2: JUMPI
000000b3: PUSH1 0x00
000000b5: DUP1
000000b6: REVERT
000000b7: JUMPDEST
000000b8: POP
000000b9: PUSH2 0x0050
000000bc: PUSH2 0x00c6
000000bf: CALLDATASIZE
000000c0: PUSH1 0x04
000000c2: PUSH2 0x034d
000000c5: JUMP
000000c6: JUMPDEST
000000c7: PUSH2 0x014e
000000ca: JUMP
000000cb: JUMPDEST
000000cc: CALLVALUE
000000cd: DUP1
000000ce: ISZERO
000000cf: PUSH2 0x00d7
000000d2: JUMPI
000000d3: PUSH1 0x00
000000d5: DUP1
000000d6: REVERT
000000d7: JUMPDEST
000000d8: POP
000000d9: PUSH2 0x008f
000000dc: PUSH2 0x016e
000000df: JUMP
000000e0: JUMPDEST
000000e1: PUSH2 0x00f0
000000e4: PUSH2 0x00eb
000000e7: PUSH2 0x018f
000000ea: JUMP
000000eb: JUMPDEST
000000ec: PUSH2 0x01ce
000000ef: JUMP
000000f0: JUMPDEST
000000f1: JUMP
000000f2: JUMPDEST
000000f3: PUSH2 0x00fa
000000f6: PUSH2 0x01f2
000000f9: JUMP
000000fa: JUMPDEST
000000fb: PUSH1 0x01
000000fd: PUSH1 0x01
000000ff: PUSH1 0xa0
00000101: SHL
00000102: SUB
00000103: AND
00000104: CALLER
00000105: SUB
00000106: PUSH2 0x0115
00000109: JUMPI
0000010a: PUSH2 0x0112
0000010d: DUP2
0000010e: PUSH2 0x0222
00000111: JUMP
00000112: JUMPDEST
00000113: POP
00000114: JUMP
00000115: JUMPDEST
00000116: PUSH2 0x0112
00000119: PUSH2 0x00e0
0000011c: JUMP
0000011d: JUMPDEST
0000011e: PUSH1 0x00
00000120: PUSH2 0x0127
00000123: PUSH2 0x01f2
00000126: JUMP
00000127: JUMPDEST
00000128: PUSH1 0x01
0000012a: PUSH1 0x01
0000012c: PUSH1 0xa0
0000012e: SHL
0000012f: SUB
00000130: AND
00000131: CALLER
00000132: SUB
00000133: PUSH2 0x0143
00000136: JUMPI
00000137: PUSH2 0x013e
0000013a: PUSH2 0x018f
0000013d: JUMP
0000013e: JUMPDEST
0000013f: SWAP1
00000140: POP
00000141: SWAP1
00000142: JUMP
00000143: JUMPDEST
00000144: PUSH2 0x014b
00000147: PUSH2 0x00e0
0000014a: JUMP
0000014b: JUMPDEST
0000014c: SWAP1
0000014d: JUMP
0000014e: JUMPDEST
0000014f: PUSH2 0x0156
00000152: PUSH2 0x01f2
00000155: JUMP
00000156: JUMPDEST
00000157: PUSH1 0x01
00000159: PUSH1 0x01
0000015b: PUSH1 0xa0
0000015d: SHL
0000015e: SUB
0000015f: AND
00000160: CALLER
00000161: SUB
00000162: PUSH2 0x0115
00000165: JUMPI
00000166: PUSH2 0x0112
00000169: DUP2
0000016a: PUSH2 0x02d1
0000016d: JUMP
0000016e: JUMPDEST
0000016f: PUSH1 0x00
00000171: PUSH2 0x0178
00000174: PUSH2 0x01f2
00000177: JUMP
00000178: JUMPDEST
00000179: PUSH1 0x01
0000017b: PUSH1 0x01
0000017d: PUSH1 0xa0
0000017f: SHL
00000180: SUB
00000181: AND
00000182: CALLER
00000183: SUB
00000184: PUSH2 0x0143
00000187: JUMPI
00000188: PUSH2 0x013e
0000018b: PUSH2 0x01f2
0000018e: JUMP
0000018f: JUMPDEST
00000190: PUSH1 0x00
00000192: PUSH2 0x01bf
00000195: PUSH2 0x014b
00000198: PUSH1 0x01
0000019a: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbd
000001bb: PUSH2 0x037d
000001be: JUMP
000001bf: JUMPDEST
000001c0: SLOAD
000001c1: PUSH1 0x01
000001c3: PUSH1 0x01
000001c5: PUSH1 0xa0
000001c7: SHL
000001c8: SUB
000001c9: AND
000001ca: SWAP2
000001cb: SWAP1
000001cc: POP
000001cd: JUMP
000001ce: JUMPDEST
000001cf: CALLDATASIZE
000001d0: PUSH1 0x00
000001d2: DUP1
000001d3: CALLDATACOPY
000001d4: PUSH1 0x00
000001d6: DUP1
000001d7: CALLDATASIZE
000001d8: PUSH1 0x00
000001da: DUP5
000001db: GAS
000001dc: DELEGATECALL
000001dd: RETURNDATASIZE
000001de: PUSH1 0x00
000001e0: DUP1
000001e1: RETURNDATACOPY
000001e2: DUP1
000001e3: DUP1
000001e4: ISZERO
000001e5: PUSH2 0x01ed
000001e8: JUMPI
000001e9: RETURNDATASIZE
000001ea: PUSH1 0x00
000001ec: RETURN
000001ed: JUMPDEST
000001ee: RETURNDATASIZE
000001ef: PUSH1 0x00
000001f1: REVERT
000001f2: JUMPDEST
000001f3: PUSH1 0x00
000001f5: PUSH2 0x01bf
000001f8: PUSH2 0x014b
000001fb: PUSH1 0x01
000001fd: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6104
0000021e: PUSH2 0x037d
00000221: JUMP
00000222: JUMPDEST
00000223: PUSH1 0x00
00000225: DUP2
00000226: PUSH1 0x01
00000228: PUSH1 0x01
0000022a: PUSH1 0xa0
0000022c: SHL
0000022d: SUB
0000022e: AND
0000022f: EXTCODESIZE
00000230: GT
00000231: PUSH2 0x0281
00000234: JUMPI
00000235: PUSH1 0x40
00000237: MLOAD
00000238: PUSH3 0x461bcd
0000023c: PUSH1 0xe5
0000023e: SHL
0000023f: DUP2
00000240: MSTORE
00000241: PUSH1 0x20
00000243: PUSH1 0x04
00000245: DUP3
00000246: ADD
00000247: MSTORE
00000248: PUSH1 0x1e
0000024a: PUSH1 0x24
0000024c: DUP3
0000024d: ADD
0000024e: MSTORE
0000024f: PUSH32 0x696d706c656d656e746174696f6e206973206e6f7420636f6e74726163740000
00000270: PUSH1 0x44
00000272: DUP3
00000273: ADD
00000274: MSTORE
00000275: PUSH1 0x64
00000277: ADD
00000278: JUMPDEST
00000279: PUSH1 0x40
0000027b: MLOAD
0000027c: DUP1
0000027d: SWAP2
0000027e: SUB
0000027f: SWAP1
00000280: REVERT
00000281: JUMPDEST
00000282: DUP1
00000283: PUSH2 0x02b0
00000286: PUSH2 0x014b
00000289: PUSH1 0x01
0000028b: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbd
000002ac: PUSH2 0x037d
000002af: JUMP
000002b0: JUMPDEST
000002b1: DUP1
000002b2: SLOAD
000002b3: PUSH1 0x01
000002b5: PUSH1 0x01
000002b7: PUSH1 0xa0
000002b9: SHL
000002ba: SUB
000002bb: NOT
000002bc: AND
000002bd: PUSH1 0x01
000002bf: PUSH1 0x01
000002c1: PUSH1 0xa0
000002c3: SHL
000002c4: SUB
000002c5: SWAP3
000002c6: SWAP1
000002c7: SWAP3
000002c8: AND
000002c9: SWAP2
000002ca: SWAP1
000002cb: SWAP2
000002cc: OR
000002cd: SWAP1
000002ce: SSTORE
000002cf: POP
000002d0: JUMP
000002d1: JUMPDEST
000002d2: PUSH1 0x01
000002d4: PUSH1 0x01
000002d6: PUSH1 0xa0
000002d8: SHL
000002d9: SUB
000002da: DUP2
000002db: AND
000002dc: PUSH2 0x031e
000002df: JUMPI
000002e0: PUSH1 0x40
000002e2: MLOAD
000002e3: PUSH3 0x461bcd
000002e7: PUSH1 0xe5
000002e9: SHL
000002ea: DUP2
000002eb: MSTORE
000002ec: PUSH1 0x20
000002ee: PUSH1 0x04
000002f0: DUP3
000002f1: ADD
000002f2: MSTORE
000002f3: PUSH1 0x14
000002f5: PUSH1 0x24
000002f7: DUP3
000002f8: ADD
000002f9: MSTORE
000002fa: PUSH20 0x61646d696e203d207a65726f2061646472657373
0000030f: PUSH1 0x60
00000311: SHL
00000312: PUSH1 0x44
00000314: DUP3
00000315: ADD
00000316: MSTORE
00000317: PUSH1 0x64
00000319: ADD
0000031a: PUSH2 0x0278
0000031d: JUMP
0000031e: JUMPDEST
0000031f: DUP1
00000320: PUSH2 0x02b0
00000323: PUSH2 0x014b
00000326: PUSH1 0x01
00000328: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6104
00000349: PUSH2 0x037d
0000034c: JUMP
0000034d: JUMPDEST
0000034e: PUSH1 0x00
00000350: PUSH1 0x20
00000352: DUP3
00000353: DUP5
00000354: SUB
00000355: SLT
00000356: ISZERO
00000357: PUSH2 0x035f
0000035a: JUMPI
0000035b: PUSH1 0x00
0000035d: DUP1
0000035e: REVERT
0000035f: JUMPDEST
00000360: DUP2
00000361: CALLDATALOAD
00000362: PUSH1 0x01
00000364: PUSH1 0x01
00000366: PUSH1 0xa0
00000368: SHL
00000369: SUB
0000036a: DUP2
0000036b: AND
0000036c: DUP2
0000036d: EQ
0000036e: PUSH2 0x0376
00000371: JUMPI
00000372: PUSH1 0x00
00000374: DUP1
00000375: REVERT
00000376: JUMPDEST
00000377: SWAP4
00000378: SWAP3
00000379: POP
0000037a: POP
0000037b: POP
0000037c: JUMP
0000037d: JUMPDEST
0000037e: DUP2
0000037f: DUP2
00000380: SUB
00000381: DUP2
00000382: DUP2
00000383: GT
00000384: ISZERO
00000385: PUSH2 0x039e
00000388: JUMPI
00000389: PUSH4 0x4e487b71
0000038e: PUSH1 0xe0
00000390: SHL
00000391: PUSH1 0x00
00000393: MSTORE
00000394: PUSH1 0x11
00000396: PUSH1 0x04
00000398: MSTORE
00000399: PUSH1 0x24
0000039b: PUSH1 0x00
0000039d: REVERT
0000039e: JUMPDEST
0000039f: SWAP3
000003a0: SWAP2
000003a1: POP
000003a2: POP
000003a3: JUMP
000003a4: INVALID
000003a5: LOG2
000003a6: PUSH5 0x6970667358
000003ac: UNKNOWN(0x22)
000003ad: SLT
000003ae: KECCAK256
000003af: DIV
000003b0: DUP1
000003b1: SWAP16
000003b2: UNKNOWN(0xCA)
000003b3: UNKNOWN(0xD6)
000003b4: UNKNOWN(0xC6)
000003b5: UNKNOWN(0xF7)
000003b6: UNKNOWN(0x2C)
000003b7: UNKNOWN(0x4E)
000003b8: STATICCALL
000003b9: UNKNOWN(0x2D)
000003ba: CREATE
000003bb: CALLDATASIZE
000003bc: PUSH13 0x54bbad8ee4b251651ce819cf57
000003ca: PUSH4 0x9e8874d7
000003cf: PUSH5 0x736f6c6343
000003d5: STOP
000003d6: ADDMOD
000003d7: ISZERO
000003d8: STOP
000003d9: CALLER

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
critical upgradeability detector Untrusted DELEGATECALL target reachable 70 no no
view
trace_id: 0xbaea78b1f99114ca30d2f6829e13eb86202c115499d5fdd9d8e483a8362ba1ad
call_targets: 0xbc84b252010e52e2dddc2f8da514d7c61b8b158b
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 2,
    "trace_id": "0xbaea78b1f99114ca30d2f6829e13eb86202c115499d5fdd9d8e483a8362ba1ad",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xbc84b252010e52e2dddc2f8da514d7c61b8b158b"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x3659cfe6",
            "selector": "0x3659cfe6",
            "calldata_variants": [
                "0x3659cfe6",
                "0x3659cfe60000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x5c60da1b",
            "selector": "0x5c60da1b",
            "calldata_variants": [
                "0x5c60da1b",
                "0x5c60da1b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8f283970",
            "selector": "0x8f283970",
            "calldata_variants": [
                "0x8f283970",
                "0x8f2839700000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf851a440",
            "selector": "0xf851a440",
            "calldata_variants": [
                "0xf851a440",
                "0xf851a4400000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 476,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [],
    "delegatecall_count": 1,
    "untrusted_delegatecall_count": 1
}
medium other detector CREATE/CREATE2 reachable 45 no no
view
trace_id: 0x5fd415236e05e1e183a1f5db3b047ed3230dca3f3f83182245144b69c20748f0
validation_json 
{
    "sink": "CREATE",
    "errors": 0,
    "status": "unknown",
    "attempts": 8,
    "trace_id": "0x5fd415236e05e1e183a1f5db3b047ed3230dca3f3f83182245144b69c20748f0",
    "confirmed": false,
    "trace_mode": "structLogs",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x3659cfe6",
            "selector": "0x3659cfe6",
            "calldata_variants": [
                "0x3659cfe6",
                "0x3659cfe60000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x5c60da1b",
            "selector": "0x5c60da1b",
            "calldata_variants": [
                "0x5c60da1b",
                "0x5c60da1b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8f283970",
            "selector": "0x8f283970",
            "calldata_variants": [
                "0x8f283970",
                "0x8f2839700000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf851a440",
            "selector": "0xf851a440",
            "calldata_variants": [
                "0xf851a440",
                "0xf851a4400000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "create_count": 1,
    "create2_count": 0
}