TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b477e-d5a5-70aa-b216-e3470ffe3993

complete
Chain ID
1
Address
0x148acd3cd4d6a17cd2abbecd0745b09b62c64f84
Block Number
Created
Mon, Dec 22, 2025 7:17 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
28577 artifact.fetch complete 1 / 3 3 months ago
28578 tool.cast_disasm complete 1 / 3 3 months ago
92725 analysis.bundle complete 1 / 3 1 week ago
92726 capability.graph complete 1 / 3 1 week ago
92727 detector.run complete 1 / 3 1 week ago
92728 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: no

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
1
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
0
EXT*/BALANCE
0
Total opcodes
143
Flags
delegatecall_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: CALLDATASIZE
00000006: PUSH1 0x43
00000008: JUMPI
00000009: STOP
0000000a: JUMPDEST
0000000b: SWAP1
0000000c: JUMP
0000000d: JUMPDEST
0000000e: PUSH1 0x0a
00000010: SWAP1
00000011: JUMPDEST
00000012: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000027: AND
00000028: SWAP1
00000029: JUMP
0000002a: JUMPDEST
0000002b: PUSH1 0x0a
0000002d: SWAP1
0000002e: SLOAD
0000002f: PUSH1 0x0d
00000031: JUMP
00000032: JUMPDEST
00000033: PUSH1 0x11
00000035: PUSH1 0x0a
00000037: PUSH1 0x0a
00000039: SWAP3
0000003a: SWAP1
0000003b: JUMP
0000003c: JUMPDEST
0000003d: PUSH1 0x0a
0000003f: SWAP1
00000040: PUSH1 0x32
00000042: JUMP
00000043: JUMPDEST
00000044: PUSH1 0x00
00000046: DUP1
00000047: CALLDATALOAD
00000048: PUSH1 0x01
0000004a: PUSH1 0x01
0000004c: PUSH1 0xe0
0000004e: SHL
0000004f: SUB
00000050: NOT
00000051: AND
00000052: DUP2
00000053: MSTORE
00000054: PUSH32 0xc8fcad8db84d3cc18b4c41d551ea0ee66dd599cde068d998e57d5e09332c131c
00000075: PUSH1 0x20
00000077: MSTORE
00000078: PUSH1 0x40
0000007a: DUP2
0000007b: KECCAK256
0000007c: PUSH1 0x83
0000007e: SWAP2
0000007f: ADD
00000080: PUSH1 0x2a
00000082: JUMP
00000083: JUMPDEST
00000084: DUP1
00000085: PUSH1 0x99
00000087: PUSH1 0x94
00000089: PUSH1 0x90
0000008b: PUSH1 0x00
0000008d: PUSH1 0x3c
0000008f: JUMP
00000090: JUMPDEST
00000091: PUSH1 0x11
00000093: JUMP
00000094: JUMPDEST
00000095: SWAP2
00000096: PUSH1 0x11
00000098: JUMP
00000099: JUMPDEST
0000009a: EQ
0000009b: PUSH1 0xbd
0000009d: JUMPI
0000009e: PUSH1 0x00
000000a0: DUP1
000000a1: SWAP2
000000a2: CALLDATASIZE
000000a3: DUP3
000000a4: DUP1
000000a5: CALLDATACOPY
000000a6: DUP2
000000a7: CALLDATASIZE
000000a8: SWAP2
000000a9: GAS
000000aa: DELEGATECALL
000000ab: RETURNDATASIZE
000000ac: PUSH1 0x00
000000ae: DUP1
000000af: RETURNDATACOPY
000000b0: ISZERO
000000b1: PUSH1 0xb8
000000b3: JUMPI
000000b4: RETURNDATASIZE
000000b5: PUSH1 0x00
000000b7: RETURN
000000b8: JUMPDEST
000000b9: RETURNDATASIZE
000000ba: PUSH1 0x00
000000bc: REVERT
000000bd: JUMPDEST
000000be: PUSH1 0x40
000000c0: MLOAD
000000c1: PUSH4 0x0a82dd73
000000c6: PUSH1 0xe3
000000c8: SHL
000000c9: DUP2
000000ca: MSTORE
000000cb: PUSH1 0x01
000000cd: PUSH1 0x01
000000cf: PUSH1 0xe0
000000d1: SHL
000000d2: SUB
000000d3: NOT
000000d4: PUSH1 0x00
000000d6: CALLDATALOAD
000000d7: AND
000000d8: PUSH1 0x04
000000da: DUP3
000000db: ADD
000000dc: MSTORE
000000dd: PUSH1 0x24
000000df: SWAP1
000000e0: REVERT
000000e1: INVALID
000000e2: LOG2
000000e3: PUSH5 0x6970667358
000000e9: UNKNOWN(0x22)
000000ea: SLT
000000eb: KECCAK256
000000ec: MSTORE8
000000ed: UNKNOWN(0xDA)
000000ee: PUSH13 0xd72ecac96469f89966693636f6
000000fc: UNKNOWN(0xDB)
000000fd: UNKNOWN(0xBF)
000000fe: DUP12
000000ff: PUSH15 0x95dfce6a714e39dc78299a8d64736f
0000010f: PUSH13

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
critical upgradeability detector Untrusted DELEGATECALL target reachable 70 no no
view
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 10,
    "status": "unknown",
    "attempts": 11,
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x",
            "selector": "fallback",
            "calldata_variants": [
                "0x"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 170,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [],
    "delegatecall_count": 1,
    "untrusted_delegatecall_count": 1
}