TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019ba594-4d38-726a-8e88-34cf736dcac0

complete
Chain ID
1
Address
0xf207b2f9f9417fc73cad069f7aa5ae1c6a5b428d
Block Number
Created
Sat, Jan 10, 2026 1:45 AM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
1
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 proxy context implementation known
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
31839 artifact.fetch complete 1 / 3 3 months ago
31840 proxy.resolve complete 1 / 3 3 months ago
31841 tool.cast_disasm complete 1 / 3 3 months ago
31842 analysis.bundle complete 1 / 3 3 months ago
31843 capability.graph complete 1 / 3 3 months ago
31844 detector.run complete 1 / 3 3 months ago
31845 validation.fork complete 1 / 3 3 months ago
31853 report.consolidate complete 1 / 3 3 months ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: yes onchain_only
Implementation:
0x0d424072d658e6abd92c36f8fc16fd6479ae15a0 target (child run)
Verified Source: no
Proxy evidence 
{
    "method": "minimal_proxy",
    "status": "onchain_only",
    "implementation": "0x0d424072d658e6abd92c36f8fc16fd6479ae15a0",
    "onchain_method": "minimal_proxy"
}

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 3
Findings
0
No findings?

Opcode Heuristics

tool.cast_disasm
Delegatecall
1
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
0
EXT*/BALANCE
0
Total opcodes
24
Flags
delegatecall_present
View cast disassembly output 
00000000: CALLDATASIZE
00000001: RETURNDATASIZE
00000002: RETURNDATASIZE
00000003: CALLDATACOPY
00000004: RETURNDATASIZE
00000005: RETURNDATASIZE
00000006: RETURNDATASIZE
00000007: CALLDATASIZE
00000008: RETURNDATASIZE
00000009: PUSH20 0x0d424072d658e6abd92c36f8fc16fd6479ae15a0
0000001e: GAS
0000001f: DELEGATECALL
00000020: RETURNDATASIZE
00000021: DUP3
00000022: DUP1
00000023: RETURNDATACOPY
00000024: SWAP1
00000025: RETURNDATASIZE
00000026: SWAP2
00000027: PUSH1 0x2b
00000029: JUMPI
0000002a: REVERT
0000002b: JUMPDEST
0000002c: RETURN

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
critical upgradeability detector Untrusted DELEGATECALL target reachable 70 yes
view
trace_id: 0x61e9f4dbdec7c7c87ab9fbccc72f0bdd5d3a0fa9389b80b99ca2d924b2b5f973
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "validated",
    "attempts": 1,
    "trace_id": "0x61e9f4dbdec7c7c87ab9fbccc72f0bdd5d3a0fa9389b80b99ca2d924b2b5f973"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x",
            "selector": "fallback",
            "calldata_variants": [
                "0x"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 31,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [],
    "delegatecall_count": 1,
    "untrusted_delegatecall_count": 1
}
medium upgradeability cast DELEGATECALL present 80 no
view
evidence_json 
{
    "notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
    "delegatecall_count": 1
}