TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b477e-d515-718d-9807-940bc639ad3c

complete
Chain ID
1
Address
0xbfcbcec4973ec02f4e8066a32bc83c2dddae5d1e
Block Number
Created
Mon, Dec 22, 2025 7:17 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
28469 artifact.fetch complete 1 / 3 3 months ago
28470 tool.cast_disasm complete 1 / 3 3 months ago
92521 analysis.bundle complete 1 / 3 1 week ago
92522 capability.graph complete 1 / 3 1 week ago
92523 detector.run complete 1 / 3 1 week ago
92524 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
2
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
1
EXT*/BALANCE
2
Total opcodes
498
Flags
delegatecall_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: PUSH2 0x0013
00000009: JUMPI
0000000a: PUSH2 0x0011
0000000d: PUSH2 0x0017
00000010: JUMP
00000011: JUMPDEST
00000012: STOP
00000013: JUMPDEST
00000014: PUSH2 0x0011
00000017: JUMPDEST
00000018: PUSH2 0x0027
0000001b: PUSH2 0x0022
0000001e: PUSH2 0x0074
00000021: JUMP
00000022: JUMPDEST
00000023: PUSH2 0x0127
00000026: JUMP
00000027: JUMPDEST
00000028: JUMP
00000029: JUMPDEST
0000002a: PUSH1 0x60
0000002c: PUSH2 0x004e
0000002f: DUP4
00000030: DUP4
00000031: PUSH1 0x40
00000033: MLOAD
00000034: DUP1
00000035: PUSH1 0x60
00000037: ADD
00000038: PUSH1 0x40
0000003a: MSTORE
0000003b: DUP1
0000003c: PUSH1 0x27
0000003e: DUP2
0000003f: MSTORE
00000040: PUSH1 0x20
00000042: ADD
00000043: PUSH2 0x0395
00000046: PUSH1 0x27
00000048: SWAP2
00000049: CODECOPY
0000004a: PUSH2 0x014b
0000004d: JUMP
0000004e: JUMPDEST
0000004f: SWAP4
00000050: SWAP3
00000051: POP
00000052: POP
00000053: POP
00000054: JUMP
00000055: JUMPDEST
00000056: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000006b: AND
0000006c: EXTCODESIZE
0000006d: ISZERO
0000006e: ISZERO
0000006f: SWAP1
00000070: JUMP
00000071: JUMPDEST
00000072: SWAP1
00000073: JUMP
00000074: JUMPDEST
00000075: PUSH1 0x00
00000077: PUSH2 0x00b4
0000007a: PUSH32 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50
0000009b: SLOAD
0000009c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000b1: AND
000000b2: SWAP1
000000b3: JUMP
000000b4: JUMPDEST
000000b5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000ca: AND
000000cb: PUSH4 0x5c60da1b
000000d0: PUSH1 0x40
000000d2: MLOAD
000000d3: DUP2
000000d4: PUSH4 0xffffffff
000000d9: AND
000000da: PUSH1 0xe0
000000dc: SHL
000000dd: DUP2
000000de: MSTORE
000000df: PUSH1 0x04
000000e1: ADD
000000e2: PUSH1 0x20
000000e4: PUSH1 0x40
000000e6: MLOAD
000000e7: DUP1
000000e8: DUP4
000000e9: SUB
000000ea: DUP2
000000eb: DUP7
000000ec: GAS
000000ed: STATICCALL
000000ee: ISZERO
000000ef: DUP1
000000f0: ISZERO
000000f1: PUSH2 0x00fe
000000f4: JUMPI
000000f5: RETURNDATASIZE
000000f6: PUSH1 0x00
000000f8: DUP1
000000f9: RETURNDATACOPY
000000fa: RETURNDATASIZE
000000fb: PUSH1 0x00
000000fd: REVERT
000000fe: JUMPDEST
000000ff: POP
00000100: POP
00000101: POP
00000102: POP
00000103: PUSH1 0x40
00000105: MLOAD
00000106: RETURNDATASIZE
00000107: PUSH1 0x1f
00000109: NOT
0000010a: PUSH1 0x1f
0000010c: DUP3
0000010d: ADD
0000010e: AND
0000010f: DUP3
00000110: ADD
00000111: DUP1
00000112: PUSH1 0x40
00000114: MSTORE
00000115: POP
00000116: DUP2
00000117: ADD
00000118: SWAP1
00000119: PUSH2 0x0122
0000011c: SWAP2
0000011d: SWAP1
0000011e: PUSH2 0x02c1
00000121: JUMP
00000122: JUMPDEST
00000123: SWAP1
00000124: POP
00000125: SWAP1
00000126: JUMP
00000127: JUMPDEST
00000128: CALLDATASIZE
00000129: PUSH1 0x00
0000012b: DUP1
0000012c: CALLDATACOPY
0000012d: PUSH1 0x00
0000012f: DUP1
00000130: CALLDATASIZE
00000131: PUSH1 0x00
00000133: DUP5
00000134: GAS
00000135: DELEGATECALL
00000136: RETURNDATASIZE
00000137: PUSH1 0x00
00000139: DUP1
0000013a: RETURNDATACOPY
0000013b: DUP1
0000013c: DUP1
0000013d: ISZERO
0000013e: PUSH2 0x0146
00000141: JUMPI
00000142: RETURNDATASIZE
00000143: PUSH1 0x00
00000145: RETURN
00000146: JUMPDEST
00000147: RETURNDATASIZE
00000148: PUSH1 0x00
0000014a: REVERT
0000014b: JUMPDEST
0000014c: PUSH1 0x60
0000014e: PUSH1 0x00
00000150: DUP1
00000151: DUP6
00000152: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000167: AND
00000168: DUP6
00000169: PUSH1 0x40
0000016b: MLOAD
0000016c: PUSH2 0x0175
0000016f: SWAP2
00000170: SWAP1
00000171: PUSH2 0x0327
00000174: JUMP
00000175: JUMPDEST
00000176: PUSH1 0x00
00000178: PUSH1 0x40
0000017a: MLOAD
0000017b: DUP1
0000017c: DUP4
0000017d: SUB
0000017e: DUP2
0000017f: DUP6
00000180: GAS
00000181: DELEGATECALL
00000182: SWAP2
00000183: POP
00000184: POP
00000185: RETURNDATASIZE
00000186: DUP1
00000187: PUSH1 0x00
00000189: DUP2
0000018a: EQ
0000018b: PUSH2 0x01b0
0000018e: JUMPI
0000018f: PUSH1 0x40
00000191: MLOAD
00000192: SWAP2
00000193: POP
00000194: PUSH1 0x1f
00000196: NOT
00000197: PUSH1 0x3f
00000199: RETURNDATASIZE
0000019a: ADD
0000019b: AND
0000019c: DUP3
0000019d: ADD
0000019e: PUSH1 0x40
000001a0: MSTORE
000001a1: RETURNDATASIZE
000001a2: DUP3
000001a3: MSTORE
000001a4: RETURNDATASIZE
000001a5: PUSH1 0x00
000001a7: PUSH1 0x20
000001a9: DUP5
000001aa: ADD
000001ab: RETURNDATACOPY
000001ac: PUSH2 0x01b5
000001af: JUMP
000001b0: JUMPDEST
000001b1: PUSH1 0x60
000001b3: SWAP2
000001b4: POP
000001b5: JUMPDEST
000001b6: POP
000001b7: SWAP2
000001b8: POP
000001b9: SWAP2
000001ba: POP
000001bb: PUSH2 0x01c6
000001be: DUP7
000001bf: DUP4
000001c0: DUP4
000001c1: DUP8
000001c2: PUSH2 0x01d0
000001c5: JUMP
000001c6: JUMPDEST
000001c7: SWAP7
000001c8: SWAP6
000001c9: POP
000001ca: POP
000001cb: POP
000001cc: POP
000001cd: POP
000001ce: POP
000001cf: JUMP
000001d0: JUMPDEST
000001d1: PUSH1 0x60
000001d3: DUP4
000001d4: ISZERO
000001d5: PUSH2 0x026b
000001d8: JUMPI
000001d9: DUP3
000001da: MLOAD
000001db: PUSH1 0x00
000001dd: SUB
000001de: PUSH2 0x0264
000001e1: JUMPI
000001e2: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001f7: DUP6
000001f8: AND
000001f9: EXTCODESIZE
000001fa: PUSH2 0x0264
000001fd: JUMPI
000001fe: PUSH1 0x40
00000200: MLOAD
00000201: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
00000222: DUP2
00000223: MSTORE
00000224: PUSH1 0x20
00000226: PUSH1 0x04
00000228: DUP3
00000229: ADD
0000022a: MSTORE
0000022b: PUSH1 0x1d
0000022d: PUSH1 0x24
0000022f: DUP3
00000230: ADD
00000231: MSTORE
00000232: PUSH32 0x416464726573733a2063616c6c20746f206e6f6e2d636f6e7472616374000000
00000253: PUSH1 0x44
00000255: DUP3
00000256: ADD
00000257: MSTORE
00000258: PUSH1 0x64
0000025a: ADD
0000025b: JUMPDEST
0000025c: PUSH1 0x40
0000025e: MLOAD
0000025f: DUP1
00000260: SWAP2
00000261: SUB
00000262: SWAP1
00000263: REVERT
00000264: JUMPDEST
00000265: POP
00000266: DUP2
00000267: PUSH2 0x0275
0000026a: JUMP
0000026b: JUMPDEST
0000026c: PUSH2 0x0275
0000026f: DUP4
00000270: DUP4
00000271: PUSH2 0x027d
00000274: JUMP
00000275: JUMPDEST
00000276: SWAP5
00000277: SWAP4
00000278: POP
00000279: POP
0000027a: POP
0000027b: POP
0000027c: JUMP
0000027d: JUMPDEST
0000027e: DUP2
0000027f: MLOAD
00000280: ISZERO
00000281: PUSH2 0x028d
00000284: JUMPI
00000285: DUP2
00000286: MLOAD
00000287: DUP1
00000288: DUP4
00000289: PUSH1 0x20
0000028b: ADD
0000028c: REVERT
0000028d: JUMPDEST
0000028e: DUP1
0000028f: PUSH1 0x40
00000291: MLOAD
00000292: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
000002b3: DUP2
000002b4: MSTORE
000002b5: PUSH1 0x04
000002b7: ADD
000002b8: PUSH2 0x025b
000002bb: SWAP2
000002bc: SWAP1
000002bd: PUSH2 0x0343
000002c0: JUMP
000002c1: JUMPDEST
000002c2: PUSH1 0x00
000002c4: PUSH1 0x20
000002c6: DUP3
000002c7: DUP5
000002c8: SUB
000002c9: SLT
000002ca: ISZERO
000002cb: PUSH2 0x02d3
000002ce: JUMPI
000002cf: PUSH1 0x00
000002d1: DUP1
000002d2: REVERT
000002d3: JUMPDEST
000002d4: DUP2
000002d5: MLOAD
000002d6: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002eb: DUP2
000002ec: AND
000002ed: DUP2
000002ee: EQ
000002ef: PUSH2 0x004e
000002f2: JUMPI
000002f3: PUSH1 0x00
000002f5: DUP1
000002f6: REVERT
000002f7: JUMPDEST
000002f8: PUSH1 0x00
000002fa: JUMPDEST
000002fb: DUP4
000002fc: DUP2
000002fd: LT
000002fe: ISZERO
000002ff: PUSH2 0x0312
00000302: JUMPI
00000303: DUP2
00000304: DUP2
00000305: ADD
00000306: MLOAD
00000307: DUP4
00000308: DUP3
00000309: ADD
0000030a: MSTORE
0000030b: PUSH1 0x20
0000030d: ADD
0000030e: PUSH2 0x02fa
00000311: JUMP
00000312: JUMPDEST
00000313: DUP4
00000314: DUP2
00000315: GT
00000316: ISZERO
00000317: PUSH2 0x0321
0000031a: JUMPI
0000031b: PUSH1 0x00
0000031d: DUP5
0000031e: DUP5
0000031f: ADD
00000320: MSTORE
00000321: JUMPDEST
00000322: POP
00000323: POP
00000324: POP
00000325: POP
00000326: JUMP
00000327: JUMPDEST
00000328: PUSH1 0x00
0000032a: DUP3
0000032b: MLOAD
0000032c: PUSH2 0x0339
0000032f: DUP2
00000330: DUP5
00000331: PUSH1 0x20
00000333: DUP8
00000334: ADD
00000335: PUSH2 0x02f7
00000338: JUMP
00000339: JUMPDEST
0000033a: SWAP2
0000033b: SWAP1
0000033c: SWAP2
0000033d: ADD
0000033e: SWAP3
0000033f: SWAP2
00000340: POP
00000341: POP
00000342: JUMP
00000343: JUMPDEST
00000344: PUSH1 0x20
00000346: DUP2
00000347: MSTORE
00000348: PUSH1 0x00
0000034a: DUP3
0000034b: MLOAD
0000034c: DUP1
0000034d: PUSH1 0x20
0000034f: DUP5
00000350: ADD
00000351: MSTORE
00000352: PUSH2 0x0362
00000355: DUP2
00000356: PUSH1 0x40
00000358: DUP6
00000359: ADD
0000035a: PUSH1 0x20
0000035c: DUP8
0000035d: ADD
0000035e: PUSH2 0x02f7
00000361: JUMP
00000362: JUMPDEST
00000363: PUSH1 0x1f
00000365: ADD
00000366: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0
00000387: AND
00000388: SWAP2
00000389: SWAP1
0000038a: SWAP2
0000038b: ADD
0000038c: PUSH1 0x40
0000038e: ADD
0000038f: SWAP3
00000390: SWAP2
00000391: POP
00000392: POP
00000393: JUMP
00000394: INVALID
00000395: COINBASE
00000396: PUSH5 0x6472657373
0000039c: GASPRICE
0000039d: KECCAK256
0000039e: PUSH13 0x6f772d6c6576656c2064656c65
000003ac: PUSH8 0x6174652063616c6c
000003b5: KECCAK256
000003b6: PUSH7 0x61696c6564a264
000003be: PUSH10 0x7066735822122040da54
000003c9: MUL
000003ca: MOD
000003cb: UNKNOWN(0xB8)
000003cc: UNKNOWN(0x4F)
000003cd: UNKNOWN(0xD0)
000003ce: SWAP3
000003cf: ISZERO
000003d0: UNKNOWN(0xDF)
000003d1: PUSH32

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
critical upgradeability detector Untrusted DELEGATECALL target reachable 70 no no
view
trace_id: 0x3280aba829ab1aa8ea717d554c064de0dfa791578dbdc3b31bbed59c9849ddb6
call_targets: 0xa91f8a52f0c1b4d3fdc256fc5bebca4d627da392
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x3280aba829ab1aa8ea717d554c064de0dfa791578dbdc3b31bbed59c9849ddb6",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xa91f8a52f0c1b4d3fdc256fc5bebca4d627da392"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x",
            "selector": "fallback",
            "calldata_variants": [
                "0x"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 309,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        },
        {
            "pc": 385,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [],
    "delegatecall_count": 2,
    "untrusted_delegatecall_count": 2
}