TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b477e-d35e-701c-99bc-e288841e2dae

complete
Chain ID
1
Address
0x48319f97e5da1233c21c48b80097c0fb7a20ff86
Block Number
Created
Mon, Dec 22, 2025 7:17 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Verified
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
28135 artifact.fetch complete 1 / 3 3 months ago
28136 tool.cast_disasm complete 1 / 3 3 months ago
103205 analysis.bundle complete 1 / 3 1 week ago
103206 capability.graph complete 1 / 3 1 week ago
103207 detector.run complete 1 / 3 1 week ago
103208 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: yes

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
2
EXT*/BALANCE
1
Total opcodes
282
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: SWAP1
00000005: DUP1
00000006: DUP3
00000007: MSTORE
00000008: PUSH1 0x04
0000000a: DUP1
0000000b: CALLDATASIZE
0000000c: LT
0000000d: ISZERO
0000000e: PUSH2 0x0049
00000011: JUMPI
00000012: JUMPDEST
00000013: POP
00000014: POP
00000015: CALLDATASIZE
00000016: ISZERO
00000017: PUSH2 0x001e
0000001a: JUMPI
0000001b: PUSH0
0000001c: DUP1
0000001d: REVERT
0000001e: JUMPDEST
0000001f: PUSH1 0x20
00000021: PUSH32 0x7cb3607a76b32d6d17ca5d1aeb444650b19ac0fabbb1f24c93a0da57346b5610
00000042: SWAP2
00000043: MLOAD
00000044: CALLVALUE
00000045: DUP2
00000046: MSTORE
00000047: LOG1
00000048: STOP
00000049: JUMPDEST
0000004a: PUSH0
0000004b: SWAP2
0000004c: PUSH0
0000004d: CALLDATALOAD
0000004e: PUSH1 0xe0
00000050: SHR
00000051: PUSH4 0xddc63262
00000056: EQ
00000057: PUSH2 0x0060
0000005a: JUMPI
0000005b: POP
0000005c: PUSH2 0x0012
0000005f: JUMP
00000060: JUMPDEST
00000061: DUP4
00000062: SWAP1
00000063: CALLVALUE
00000064: PUSH2 0x0154
00000067: JUMPI
00000068: PUSH1 0x20
0000006a: DUP1
0000006b: PUSH1 0x03
0000006d: NOT
0000006e: CALLDATASIZE
0000006f: ADD
00000070: SLT
00000071: PUSH2 0x0154
00000074: JUMPI
00000075: PUSH4 0x2988bb9f
0000007a: PUSH1 0xe2
0000007c: SHL
0000007d: DUP3
0000007e: MSTORE
0000007f: CALLER
00000080: DUP3
00000081: DUP6
00000082: ADD
00000083: MSTORE
00000084: DUP4
00000085: CALLDATALOAD
00000086: SWAP2
00000087: DUP2
00000088: DUP2
00000089: PUSH1 0x24
0000008b: DUP2
0000008c: PUSH32 0x0000000000000000000000003a0008a588772446f6e656133c2d5029cc4fc20e
000000ad: PUSH1 0x01
000000af: PUSH1 0x01
000000b1: PUSH1 0xa0
000000b3: SHL
000000b4: SUB
000000b5: AND
000000b6: GAS
000000b7: STATICCALL
000000b8: SWAP1
000000b9: DUP2
000000ba: ISZERO
000000bb: PUSH2 0x01c7
000000be: JUMPI
000000bf: PUSH0
000000c0: SWAP2
000000c1: PUSH2 0x0167
000000c4: JUMPI
000000c5: JUMPDEST
000000c6: POP
000000c7: ISZERO
000000c8: PUSH2 0x0158
000000cb: JUMPI
000000cc: PUSH32 0x121c5042302bae5fc561fbc64368f297ca60a880878e1e3a7f7e9380377260bf
000000ed: DUP4
000000ee: MLOAD
000000ef: SWAP2
000000f0: DUP4
000000f1: DUP4
000000f2: MSTORE
000000f3: CALLER
000000f4: SWAP3
000000f5: LOG2
000000f6: CALLER
000000f7: EXTCODESIZE
000000f8: ISZERO
000000f9: PUSH2 0x0154
000000fc: JUMPI
000000fd: PUSH0
000000fe: DUP4
000000ff: SWAP2
00000100: DUP4
00000101: MLOAD
00000102: SWAP5
00000103: DUP6
00000104: DUP1
00000105: SWAP3
00000106: PUSH4 0x0a62ade5
0000010b: PUSH1 0xe3
0000010d: SHL
0000010e: DUP3
0000010f: MSTORE
00000110: CALLER
00000111: GAS
00000112: CALL
00000113: DUP1
00000114: ISZERO
00000115: PUSH2 0x014a
00000118: JUMPI
00000119: PUSH2 0x0120
0000011c: JUMPI
0000011d: DUP4
0000011e: DUP1
0000011f: RETURN
00000120: JUMPDEST
00000121: SWAP1
00000122: SWAP2
00000123: SWAP3
00000124: POP
00000125: PUSH8 0xffffffffffffffff
0000012e: DUP4
0000012f: GT
00000130: PUSH2 0x0137
00000133: JUMPI
00000134: POP
00000135: MSTORE
00000136: STOP
00000137: JUMPDEST
00000138: PUSH1 0x41
0000013a: SWAP1
0000013b: PUSH4 0x4e487b71
00000140: PUSH1 0xe0
00000142: SHL
00000143: PUSH0
00000144: MSTORE
00000145: MSTORE
00000146: PUSH1 0x24
00000148: PUSH0
00000149: REVERT
0000014a: JUMPDEST
0000014b: DUP3
0000014c: MLOAD
0000014d: RETURNDATASIZE
0000014e: PUSH0
0000014f: DUP3
00000150: RETURNDATACOPY
00000151: RETURNDATASIZE
00000152: SWAP1
00000153: REVERT
00000154: JUMPDEST
00000155: PUSH0
00000156: DUP1
00000157: REVERT
00000158: JUMPDEST
00000159: POP
0000015a: POP
0000015b: MLOAD
0000015c: PUSH4 0x0d599dd9
00000161: PUSH1 0xe1
00000163: SHL
00000164: DUP2
00000165: MSTORE
00000166: REVERT
00000167: JUMPDEST
00000168: SWAP1
00000169: POP
0000016a: DUP2
0000016b: RETURNDATASIZE
0000016c: DUP4
0000016d: GT
0000016e: PUSH2 0x01c0
00000171: JUMPI
00000172: JUMPDEST
00000173: PUSH1 0x1f
00000175: DUP2
00000176: ADD
00000177: PUSH1 0x1f
00000179: NOT
0000017a: AND
0000017b: DUP3
0000017c: ADD
0000017d: PUSH8 0xffffffffffffffff
00000186: DUP2
00000187: GT
00000188: DUP4
00000189: DUP3
0000018a: LT
0000018b: OR
0000018c: PUSH2 0x01ad
0000018f: JUMPI
00000190: DUP4
00000191: SWAP2
00000192: DUP4
00000193: SWAP2
00000194: DUP8
00000195: MSTORE
00000196: DUP2
00000197: ADD
00000198: SUB
00000199: SLT
0000019a: PUSH2 0x0154
0000019d: JUMPI
0000019e: MLOAD
0000019f: DUP1
000001a0: ISZERO
000001a1: ISZERO
000001a2: DUP2
000001a3: SUB
000001a4: PUSH2 0x0154
000001a7: JUMPI
000001a8: DUP7
000001a9: PUSH2 0x00c5
000001ac: JUMP
000001ad: JUMPDEST
000001ae: PUSH1 0x41
000001b0: DUP8
000001b1: PUSH4 0x4e487b71
000001b6: PUSH1 0xe0
000001b8: SHL
000001b9: PUSH0
000001ba: MSTORE
000001bb: MSTORE
000001bc: PUSH1 0x24
000001be: PUSH0
000001bf: REVERT
000001c0: JUMPDEST
000001c1: POP
000001c2: RETURNDATASIZE
000001c3: PUSH2 0x0172
000001c6: JUMP
000001c7: JUMPDEST
000001c8: DUP5
000001c9: MLOAD
000001ca: RETURNDATASIZE
000001cb: PUSH0
000001cc: DUP3
000001cd: RETURNDATACOPY
000001ce: RETURNDATASIZE
000001cf: SWAP1
000001d0: REVERT
000001d1: INVALID
000001d2: LOG2
000001d3: PUSH5 0x6970667358
000001d9: UNKNOWN(0x22)
000001da: SLT
000001db: KECCAK256
000001dc: DIV
000001dd: SWAP2
000001de: UNKNOWN(0x26)
000001df: UNKNOWN(0xC7)
000001e0: SLOAD
000001e1: PUSH28 0x8f476665d4b41e09f6ccb068d095fc0c5e946cde6b84a4016aa06473
000001fe: PUSH16

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 no no
view
trace_id: 0x1031428ee6b81885f7d22939ea77019826a0351bff4cae6dafc2471cb0eafb91
call_targets: 0x48319f97e5da1233c21c48b80097c0fb7a20ff86
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x1031428ee6b81885f7d22939ea77019826a0351bff4cae6dafc2471cb0eafb91",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x48319f97e5da1233c21c48b80097c0fb7a20ff86"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xddc63262",
            "selector": "0xddc63262",
            "calldata_variants": [
                "0xddc63262",
                "0xddc632620000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 274,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 1,
    "guards_detected": [],
    "untrusted_call_count": 1
}
high other detector ETH value transfer possible 55 no no
view
trace_id: 0x1031428ee6b81885f7d22939ea77019826a0351bff4cae6dafc2471cb0eafb91
call_targets: 0x48319f97e5da1233c21c48b80097c0fb7a20ff86
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x1031428ee6b81885f7d22939ea77019826a0351bff4cae6dafc2471cb0eafb91",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x48319f97e5da1233c21c48b80097c0fb7a20ff86"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0xddc63262",
            "selector": "0xddc63262",
            "calldata_variants": [
                "0xddc63262",
                "0xddc632620000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 274,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 1,
    "guards_detected": []
}