TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b477e-d866-73f2-a824-5934bda54cc9

complete
Chain ID
1
Address
0x33b41fe18d3a39046ad672f8a0c8c415454f629c
Block Number
Created
Mon, Dec 22, 2025 7:17 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Verified
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
29071 artifact.fetch complete 1 / 3 3 months ago
29072 tool.cast_disasm complete 1 / 3 3 months ago
92345 analysis.bundle complete 1 / 3 1 week ago
92346 capability.graph complete 1 / 3 1 week ago
92347 detector.run complete 1 / 3 1 week ago
92348 validation.fork complete 1 / 3 1 week ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: yes

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
2
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
0
EXT*/BALANCE
2
Total opcodes
384
Flags
delegatecall_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000001a: CALLER
0000001b: PUSH32 0x0000000000000000000000003305184a01049d7c1e850c6be565bc447212e976
0000003c: DUP3
0000003d: AND
0000003e: SUB
0000003f: PUSH2 0x00c0
00000042: JUMPI
00000043: PUSH0
00000044: CALLDATALOAD
00000045: PUSH32 0xffffffff00000000000000000000000000000000000000000000000000000000
00000066: AND
00000067: PUSH32 0x4f1ef28600000000000000000000000000000000000000000000000000000000
00000088: EQ
00000089: PUSH2 0x00b6
0000008c: JUMPI
0000008d: PUSH1 0x04
0000008f: PUSH1 0x40
00000091: MLOAD
00000092: PUSH32 0xd2b576ec00000000000000000000000000000000000000000000000000000000
000000b3: DUP2
000000b4: MSTORE
000000b5: REVERT
000000b6: JUMPDEST
000000b7: PUSH2 0x00be
000000ba: PUSH2 0x01b0
000000bd: JUMP
000000be: JUMPDEST
000000bf: STOP
000000c0: JUMPDEST
000000c1: PUSH0
000000c2: DUP1
000000c3: SWAP2
000000c4: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
000000e5: SLOAD
000000e6: AND
000000e7: CALLDATASIZE
000000e8: DUP3
000000e9: DUP1
000000ea: CALLDATACOPY
000000eb: DUP2
000000ec: CALLDATASIZE
000000ed: SWAP2
000000ee: GAS
000000ef: DELEGATECALL
000000f0: RETURNDATASIZE
000000f1: PUSH0
000000f2: DUP1
000000f3: RETURNDATACOPY
000000f4: ISZERO
000000f5: PUSH2 0x00fc
000000f8: JUMPI
000000f9: RETURNDATASIZE
000000fa: PUSH0
000000fb: RETURN
000000fc: JUMPDEST
000000fd: RETURNDATASIZE
000000fe: PUSH0
000000ff: REVERT
00000100: JUMPDEST
00000101: PUSH32 0x4e487b7100000000000000000000000000000000000000000000000000000000
00000122: PUSH0
00000123: MSTORE
00000124: PUSH1 0x41
00000126: PUSH1 0x04
00000128: MSTORE
00000129: PUSH1 0x24
0000012b: PUSH0
0000012c: REVERT
0000012d: JUMPDEST
0000012e: SWAP1
0000012f: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0
00000150: PUSH1 0x1f
00000152: PUSH1 0x40
00000154: MLOAD
00000155: SWAP4
00000156: ADD
00000157: AND
00000158: DUP3
00000159: ADD
0000015a: DUP3
0000015b: DUP2
0000015c: LT
0000015d: PUSH8 0xffffffffffffffff
00000166: DUP3
00000167: GT
00000168: OR
00000169: PUSH2 0x0171
0000016c: JUMPI
0000016d: PUSH1 0x40
0000016f: MSTORE
00000170: JUMP
00000171: JUMPDEST
00000172: PUSH2 0x0100
00000175: JUMP
00000176: JUMPDEST
00000177: PUSH8 0xffffffffffffffff
00000180: DUP2
00000181: GT
00000182: PUSH2 0x0171
00000185: JUMPI
00000186: PUSH1 0x1f
00000188: ADD
00000189: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0
000001aa: AND
000001ab: PUSH1 0x20
000001ad: ADD
000001ae: SWAP1
000001af: JUMP
000001b0: JUMPDEST
000001b1: CALLDATASIZE
000001b2: PUSH1 0x04
000001b4: GT
000001b5: PUSH2 0x0263
000001b8: JUMPI
000001b9: PUSH1 0x40
000001bb: PUSH32 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc
000001dc: CALLDATASIZE
000001dd: ADD
000001de: SLT
000001df: PUSH2 0x0263
000001e2: JUMPI
000001e3: PUSH1 0x04
000001e5: CALLDATALOAD
000001e6: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000001fb: DUP2
000001fc: AND
000001fd: DUP1
000001fe: SWAP2
000001ff: SUB
00000200: PUSH2 0x0263
00000203: JUMPI
00000204: PUSH1 0x24
00000206: CALLDATALOAD
00000207: SWAP1
00000208: PUSH8 0xffffffffffffffff
00000211: DUP3
00000212: GT
00000213: PUSH2 0x0263
00000216: JUMPI
00000217: CALLDATASIZE
00000218: PUSH1 0x23
0000021a: DUP4
0000021b: ADD
0000021c: SLT
0000021d: ISZERO
0000021e: PUSH2 0x0263
00000221: JUMPI
00000222: DUP2
00000223: PUSH1 0x04
00000225: ADD
00000226: CALLDATALOAD
00000227: SWAP1
00000228: PUSH2 0x0238
0000022b: PUSH2 0x0233
0000022e: DUP4
0000022f: PUSH2 0x0176
00000232: JUMP
00000233: JUMPDEST
00000234: PUSH2 0x012d
00000237: JUMP
00000238: JUMPDEST
00000239: SWAP2
0000023a: DUP1
0000023b: DUP4
0000023c: MSTORE
0000023d: CALLDATASIZE
0000023e: PUSH1 0x24
00000240: DUP3
00000241: DUP7
00000242: ADD
00000243: ADD
00000244: GT
00000245: PUSH2 0x0263
00000248: JUMPI
00000249: PUSH1 0x20
0000024b: DUP2
0000024c: PUSH0
0000024d: SWAP3
0000024e: PUSH1 0x24
00000250: PUSH2 0x0261
00000253: SWAP8
00000254: ADD
00000255: DUP4
00000256: DUP8
00000257: ADD
00000258: CALLDATACOPY
00000259: DUP5
0000025a: ADD
0000025b: ADD
0000025c: MSTORE
0000025d: PUSH2 0x0267
00000260: JUMP
00000261: JUMPDEST
00000262: JUMP
00000263: JUMPDEST
00000264: PUSH0
00000265: DUP1
00000266: REVERT
00000267: JUMPDEST
00000268: SWAP1
00000269: DUP2
0000026a: EXTCODESIZE
0000026b: ISZERO
0000026c: PUSH2 0x0339
0000026f: JUMPI
00000270: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000285: DUP3
00000286: AND
00000287: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
000002a8: DUP2
000002a9: PUSH32 0xffffffffffffffffffffffff0000000000000000000000000000000000000000
000002ca: DUP3
000002cb: SLOAD
000002cc: AND
000002cd: OR
000002ce: SWAP1
000002cf: SSTORE
000002d0: PUSH32 0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b
000002f1: PUSH0
000002f2: DUP1
000002f3: LOG2
000002f4: DUP1
000002f5: MLOAD
000002f6: ISZERO
000002f7: PUSH2 0x0306
000002fa: JUMPI
000002fb: PUSH2 0x0303
000002fe: SWAP2
000002ff: PUSH2 0x0380
00000302: JUMP
00000303: JUMPDEST
00000304: POP
00000305: JUMP
00000306: JUMPDEST
00000307: POP
00000308: POP
00000309: CALLVALUE
0000030a: PUSH2 0x030f
0000030d: JUMPI
0000030e: JUMP
0000030f: JUMPDEST
00000310: PUSH1 0x04
00000312: PUSH1 0x40
00000314: MLOAD
00000315: PUSH32 0xb398979f00000000000000000000000000000000000000000000000000000000
00000336: DUP2
00000337: MSTORE
00000338: REVERT
00000339: JUMPDEST
0000033a: PUSH1 0x24
0000033c: DUP3
0000033d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000352: PUSH1 0x40
00000354: MLOAD
00000355: SWAP2
00000356: PUSH32 0x4c9c8ce300000000000000000000000000000000000000000000000000000000
00000377: DUP4
00000378: MSTORE
00000379: AND
0000037a: PUSH1 0x04
0000037c: DUP3
0000037d: ADD
0000037e: MSTORE
0000037f: REVERT
00000380: JUMPDEST
00000381: PUSH0
00000382: DUP1
00000383: PUSH2 0x03b2
00000386: SWAP4
00000387: PUSH1 0x20
00000389: DUP2
0000038a: MLOAD
0000038b: SWAP2
0000038c: ADD
0000038d: DUP5
0000038e: GAS
0000038f: DELEGATECALL
00000390: RETURNDATASIZE
00000391: ISZERO
00000392: PUSH2 0x03b5
00000395: JUMPI
00000396: RETURNDATASIZE
00000397: SWAP2
00000398: PUSH2 0x03a3
0000039b: PUSH2 0x0233
0000039e: DUP5
0000039f: PUSH2 0x0176
000003a2: JUMP
000003a3: JUMPDEST
000003a4: SWAP3
000003a5: DUP4
000003a6: MSTORE
000003a7: RETURNDATASIZE
000003a8: PUSH0
000003a9: PUSH1 0x20
000003ab: DUP6
000003ac: ADD
000003ad: RETURNDATACOPY
000003ae: PUSH2 0x03b9
000003b1: JUMP
000003b2: JUMPDEST
000003b3: SWAP1
000003b4: JUMP
000003b5: JUMPDEST
000003b6: PUSH1 0x60
000003b8: SWAP2
000003b9: JUMPDEST
000003ba: SWAP1
000003bb: PUSH2 0x03f8
000003be: JUMPI
000003bf: POP
000003c0: DUP1
000003c1: MLOAD
000003c2: ISZERO
000003c3: PUSH2 0x03ce
000003c6: JUMPI
000003c7: DUP1
000003c8: MLOAD
000003c9: SWAP1
000003ca: PUSH1 0x20
000003cc: ADD
000003cd: REVERT
000003ce: JUMPDEST
000003cf: PUSH1 0x04
000003d1: PUSH1 0x40
000003d3: MLOAD
000003d4: PUSH32 0xd6bda27500000000000000000000000000000000000000000000000000000000
000003f5: DUP2
000003f6: MSTORE
000003f7: REVERT
000003f8: JUMPDEST
000003f9: DUP2
000003fa: MLOAD
000003fb: ISZERO
000003fc: DUP1
000003fd: PUSH2 0x0450
00000400: JUMPI
00000401: JUMPDEST
00000402: PUSH2 0x0409
00000405: JUMPI
00000406: POP
00000407: SWAP1
00000408: JUMP
00000409: JUMPDEST
0000040a: PUSH1 0x24
0000040c: SWAP1
0000040d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000422: PUSH1 0x40
00000424: MLOAD
00000425: SWAP2
00000426: PUSH32 0x9996b31500000000000000000000000000000000000000000000000000000000
00000447: DUP4
00000448: MSTORE
00000449: AND
0000044a: PUSH1 0x04
0000044c: DUP3
0000044d: ADD
0000044e: MSTORE
0000044f: REVERT
00000450: JUMPDEST
00000451: POP
00000452: DUP1
00000453: EXTCODESIZE
00000454: ISZERO
00000455: PUSH2 0x0401
00000458: JUMP
00000459: INVALID
0000045a: LOG2
0000045b: PUSH5 0x6970667358
00000461: UNKNOWN(0x22)
00000462: SLT
00000463: KECCAK256
00000464: SWAP13
00000465: PUSH30 0x45ec6c53b7895c5e3dcc5295a5e33ca50a3b90b82d24ac2010263cd36c08
00000484: PUSH5 0x736f6c6343
0000048a: STOP
0000048b: ADDMOD
0000048c: OR
0000048d: STOP
0000048e: CALLER

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
critical upgradeability detector Untrusted DELEGATECALL target reachable 70 no no
view
trace_id: 0x844406ac7f690e5c3a46c7a194fdbac3c7b12f650a90767791268c4ec2edf715
call_targets: 0xb34c4506b1dfbb56a13b81d8a6c735f65667b31b
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x844406ac7f690e5c3a46c7a194fdbac3c7b12f650a90767791268c4ec2edf715",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xb34c4506b1dfbb56a13b81d8a6c735f65667b31b"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x",
            "selector": "fallback",
            "calldata_variants": [
                "0x"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 239,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        },
        {
            "pc": 911,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [],
    "delegatecall_count": 2,
    "untrusted_delegatecall_count": 2
}