TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019b477e-d96a-73bf-9c40-bf9969d6b974

complete
Chain ID
1
Address
0x47afdcb2b089c16cee354811ea1bbe0db7c335e9
Block Number
Created
Mon, Dec 22, 2025 7:17 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Verified
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
29261 artifact.fetch complete 1 / 3 4 months ago
29262 tool.cast_disasm complete 1 / 3 4 months ago
73048 analysis.bundle complete 1 / 3 2 weeks ago
73049 capability.graph complete 1 / 3 2 weeks ago
73050 detector.run complete 1 / 3 2 weeks ago
73051 validation.fork complete 1 / 3 2 weeks ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: yes

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
1
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
0
EXT*/BALANCE
2
Total opcodes
66
Flags
delegatecall_present proxy_like_runtime
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
00000026: SLOAD
00000027: PUSH1 0x00
00000029: SWAP1
0000002a: DUP2
0000002b: SWAP1
0000002c: PUSH1 0x01
0000002e: PUSH1 0x01
00000030: PUSH1 0xa0
00000032: SHL
00000033: SUB
00000034: AND
00000035: CALLDATASIZE
00000036: DUP3
00000037: DUP1
00000038: CALLDATACOPY
00000039: DUP2
0000003a: CALLDATASIZE
0000003b: SWAP2
0000003c: GAS
0000003d: DELEGATECALL
0000003e: RETURNDATASIZE
0000003f: PUSH1 0x00
00000041: DUP1
00000042: RETURNDATACOPY
00000043: ISZERO
00000044: PUSH1 0x4b
00000046: JUMPI
00000047: RETURNDATASIZE
00000048: PUSH1 0x00
0000004a: RETURN
0000004b: JUMPDEST
0000004c: RETURNDATASIZE
0000004d: PUSH1 0x00
0000004f: REVERT
00000050: INVALID
00000051: LOG2
00000052: PUSH5 0x6970667358
00000058: UNKNOWN(0x22)
00000059: SLT
0000005a: KECCAK256
0000005b: UNKNOWN(0x2B)
0000005c: DUP5
0000005d: UNKNOWN(0xEA)
0000005e: SWAP11
0000005f: DUP6
00000060: UNKNOWN(0xC7)
00000061: UNKNOWN(0xBD)
00000062: UNKNOWN(0x2D)
00000063: MSTORE8
00000064: EXTCODECOPY
00000065: UNKNOWN(0xAA)
00000066: UNKNOWN(0xD3)
00000067: UNKNOWN(0x21)
00000068: MSIZE
00000069: MSTORE
0000006a: UNKNOWN(0x4E)
0000006b: UNKNOWN(0xB3)
0000006c: ORIGIN
0000006d: EXTCODEHASH
0000006e: UNKNOWN(0xAB)
0000006f: PUSH10 0x882b0afcb7f41854f935
0000007a: PUSH16

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high upgradeability detector Untrusted DELEGATECALL target reachable 55 no no
view
trace_id: 0x53f7c650a7ce4fe3f39326616fac75a331388303cfc76f1d42ab7d49be4377e2
call_targets: 0x59fbe4cc4ca974e98300f41ac661f7204f0c3fcd
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x53f7c650a7ce4fe3f39326616fac75a331388303cfc76f1d42ab7d49be4377e2",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x59fbe4cc4ca974e98300f41ac661f7204f0c3fcd"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x",
            "selector": "fallback",
            "calldata_variants": [
                "0x"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 61,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [
        {
            "pc": 108,
            "type": "tx_origin_used"
        }
    ],
    "delegatecall_count": 1,
    "untrusted_delegatecall_count": 1
}
high auth detector Authorization based on tx.origin 70 no
view
validation_json 
{
    "reason": "missing sink mapping",
    "status": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x",
            "selector": "fallback",
            "calldata_variants": [
                "0x"
            ]
        }
    ]
}
evidence_json 
{
    "guards_detected": [
        {
            "pc": 108,
            "type": "tx_origin_used"
        }
    ]
}