TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019ba5f9-b753-732e-91d0-0b50d0b80aee

complete
Chain ID
1
Address
0x4aedc117527fd270d4d56aa32f2e4e532547c8dc
Block Number
Created
Sat, Jan 10, 2026 3:36 AM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Verified
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 proxy context implementation known
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
32127 artifact.fetch complete 1 / 3 3 months ago
32128 proxy.resolve complete 1 / 3 3 months ago
32129 tool.cast_disasm complete 1 / 3 3 months ago
32130 analysis.bundle complete 1 / 3 3 months ago
32131 capability.graph complete 1 / 3 3 months ago
32132 detector.run complete 1 / 3 3 months ago
32133 validation.fork complete 1 / 3 3 months ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: yes confirmed
Implementation:
0x304e4d225c21443d906e620aa9922b0712c3ebc1 target (child run)
Verified Source: yes
Proxy evidence 
{
    "method": "etherscan+onchain",
    "status": "confirmed",
    "etherscan_hint": {
        "source": "etherscan",
        "etherscan": {
            "proxy_flag": true,
            "implementation": "0x304e4d225c21443d906e620aa9922b0712c3ebc1"
        }
    },
    "implementation": "0x304e4d225c21443d906e620aa9922b0712c3ebc1",
    "onchain_method": "eip1967"
}

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
2
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
1
EXT*/BALANCE
3
Total opcodes
674
Flags
delegatecall_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x0038
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH1 0xe0
00000012: SHR
00000013: DUP1
00000014: PUSH4 0x1ed0bf13
00000019: EQ
0000001a: PUSH2 0x0049
0000001d: JUMPI
0000001e: DUP1
0000001f: PUSH4 0x6d645b44
00000024: EQ
00000025: PUSH2 0x007a
00000028: JUMPI
00000029: DUP1
0000002a: PUSH4 0xa37648dc
0000002f: EQ
00000030: PUSH2 0x008f
00000033: JUMPI
00000034: PUSH2 0x003f
00000037: JUMP
00000038: JUMPDEST
00000039: CALLDATASIZE
0000003a: PUSH2 0x003f
0000003d: JUMPI
0000003e: STOP
0000003f: JUMPDEST
00000040: PUSH2 0x0047
00000043: PUSH2 0x00af
00000046: JUMP
00000047: JUMPDEST
00000048: STOP
00000049: JUMPDEST
0000004a: CALLVALUE
0000004b: DUP1
0000004c: ISZERO
0000004d: PUSH2 0x0055
00000050: JUMPI
00000051: PUSH1 0x00
00000053: DUP1
00000054: REVERT
00000055: JUMPDEST
00000056: POP
00000057: PUSH2 0x005e
0000005a: PUSH2 0x00c1
0000005d: JUMP
0000005e: JUMPDEST
0000005f: PUSH1 0x40
00000061: MLOAD
00000062: PUSH1 0x01
00000064: PUSH1 0x01
00000066: PUSH1 0xa0
00000068: SHL
00000069: SUB
0000006a: SWAP1
0000006b: SWAP2
0000006c: AND
0000006d: DUP2
0000006e: MSTORE
0000006f: PUSH1 0x20
00000071: ADD
00000072: PUSH1 0x40
00000074: MLOAD
00000075: DUP1
00000076: SWAP2
00000077: SUB
00000078: SWAP1
00000079: RETURN
0000007a: JUMPDEST
0000007b: CALLVALUE
0000007c: DUP1
0000007d: ISZERO
0000007e: PUSH2 0x0086
00000081: JUMPI
00000082: PUSH1 0x00
00000084: DUP1
00000085: REVERT
00000086: JUMPDEST
00000087: POP
00000088: PUSH2 0x005e
0000008b: PUSH2 0x00d0
0000008e: JUMP
0000008f: JUMPDEST
00000090: CALLVALUE
00000091: DUP1
00000092: ISZERO
00000093: PUSH2 0x009b
00000096: JUMPI
00000097: PUSH1 0x00
00000099: DUP1
0000009a: REVERT
0000009b: JUMPDEST
0000009c: POP
0000009d: PUSH2 0x0047
000000a0: PUSH2 0x00aa
000000a3: CALLDATASIZE
000000a4: PUSH1 0x04
000000a6: PUSH2 0x03c4
000000a9: JUMP
000000aa: JUMPDEST
000000ab: PUSH2 0x0103
000000ae: JUMP
000000af: JUMPDEST
000000b0: PUSH2 0x00bf
000000b3: PUSH2 0x00ba
000000b6: PUSH2 0x00c1
000000b9: JUMP
000000ba: JUMPDEST
000000bb: PUSH2 0x0180
000000be: JUMP
000000bf: JUMPDEST
000000c0: JUMP
000000c1: JUMPDEST
000000c2: PUSH1 0x00
000000c4: PUSH2 0x00cb
000000c7: PUSH2 0x01a4
000000ca: JUMP
000000cb: JUMPDEST
000000cc: SWAP1
000000cd: POP
000000ce: SWAP1
000000cf: JUMP
000000d0: JUMPDEST
000000d1: PUSH1 0x00
000000d3: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
000000f4: JUMPDEST
000000f5: SLOAD
000000f6: PUSH1 0x01
000000f8: PUSH1 0x01
000000fa: PUSH1 0xa0
000000fc: SHL
000000fd: SUB
000000fe: AND
000000ff: SWAP2
00000100: SWAP1
00000101: POP
00000102: JUMP
00000103: JUMPDEST
00000104: PUSH2 0x010b
00000107: PUSH2 0x00d0
0000010a: JUMP
0000010b: JUMPDEST
0000010c: PUSH1 0x40
0000010e: MLOAD
0000010f: PUSH4 0x3846cafb
00000114: PUSH1 0xe0
00000116: SHL
00000117: DUP2
00000118: MSTORE
00000119: CALLER
0000011a: PUSH1 0x04
0000011c: DUP3
0000011d: ADD
0000011e: MSTORE
0000011f: PUSH1 0x01
00000121: PUSH1 0x01
00000123: PUSH1 0xa0
00000125: SHL
00000126: SUB
00000127: SWAP2
00000128: SWAP1
00000129: SWAP2
0000012a: AND
0000012b: SWAP1
0000012c: PUSH4 0x3846cafb
00000131: SWAP1
00000132: PUSH1 0x24
00000134: ADD
00000135: PUSH1 0x00
00000137: PUSH1 0x40
00000139: MLOAD
0000013a: DUP1
0000013b: DUP4
0000013c: SUB
0000013d: DUP2
0000013e: DUP7
0000013f: DUP1
00000140: EXTCODESIZE
00000141: ISZERO
00000142: DUP1
00000143: ISZERO
00000144: PUSH2 0x014c
00000147: JUMPI
00000148: PUSH1 0x00
0000014a: DUP1
0000014b: REVERT
0000014c: JUMPDEST
0000014d: POP
0000014e: GAS
0000014f: STATICCALL
00000150: ISZERO
00000151: DUP1
00000152: ISZERO
00000153: PUSH2 0x0160
00000156: JUMPI
00000157: RETURNDATASIZE
00000158: PUSH1 0x00
0000015a: DUP1
0000015b: RETURNDATACOPY
0000015c: RETURNDATASIZE
0000015d: PUSH1 0x00
0000015f: REVERT
00000160: JUMPDEST
00000161: POP
00000162: POP
00000163: POP
00000164: POP
00000165: PUSH2 0x017d
00000168: DUP2
00000169: PUSH1 0x40
0000016b: MLOAD
0000016c: DUP1
0000016d: PUSH1 0x20
0000016f: ADD
00000170: PUSH1 0x40
00000172: MSTORE
00000173: DUP1
00000174: PUSH1 0x00
00000176: DUP2
00000177: MSTORE
00000178: POP
00000179: PUSH2 0x01cc
0000017c: JUMP
0000017d: JUMPDEST
0000017e: POP
0000017f: JUMP
00000180: JUMPDEST
00000181: CALLDATASIZE
00000182: PUSH1 0x00
00000184: DUP1
00000185: CALLDATACOPY
00000186: PUSH1 0x00
00000188: DUP1
00000189: CALLDATASIZE
0000018a: PUSH1 0x00
0000018c: DUP5
0000018d: GAS
0000018e: DELEGATECALL
0000018f: RETURNDATASIZE
00000190: PUSH1 0x00
00000192: DUP1
00000193: RETURNDATACOPY
00000194: DUP1
00000195: DUP1
00000196: ISZERO
00000197: PUSH2 0x019f
0000019a: JUMPI
0000019b: RETURNDATASIZE
0000019c: PUSH1 0x00
0000019e: RETURN
0000019f: JUMPDEST
000001a0: RETURNDATASIZE
000001a1: PUSH1 0x00
000001a3: REVERT
000001a4: JUMPDEST
000001a5: PUSH1 0x00
000001a7: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
000001c8: PUSH2 0x00f4
000001cb: JUMP
000001cc: JUMPDEST
000001cd: PUSH2 0x01d5
000001d0: DUP3
000001d1: PUSH2 0x022b
000001d4: JUMP
000001d5: JUMPDEST
000001d6: PUSH1 0x40
000001d8: MLOAD
000001d9: PUSH1 0x01
000001db: PUSH1 0x01
000001dd: PUSH1 0xa0
000001df: SHL
000001e0: SUB
000001e1: DUP4
000001e2: AND
000001e3: SWAP1
000001e4: PUSH32 0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b
00000205: SWAP1
00000206: PUSH1 0x00
00000208: SWAP1
00000209: LOG2
0000020a: DUP1
0000020b: MLOAD
0000020c: ISZERO
0000020d: PUSH2 0x021f
00000210: JUMPI
00000211: PUSH2 0x021a
00000214: DUP3
00000215: DUP3
00000216: PUSH2 0x02a7
00000219: JUMP
0000021a: JUMPDEST
0000021b: POP
0000021c: POP
0000021d: POP
0000021e: JUMP
0000021f: JUMPDEST
00000220: PUSH2 0x0227
00000223: PUSH2 0x031d
00000226: JUMP
00000227: JUMPDEST
00000228: POP
00000229: POP
0000022a: JUMP
0000022b: JUMPDEST
0000022c: DUP1
0000022d: PUSH1 0x01
0000022f: PUSH1 0x01
00000231: PUSH1 0xa0
00000233: SHL
00000234: SUB
00000235: AND
00000236: EXTCODESIZE
00000237: PUSH1 0x00
00000239: SUB
0000023a: PUSH2 0x0266
0000023d: JUMPI
0000023e: PUSH1 0x40
00000240: MLOAD
00000241: PUSH4 0x4c9c8ce3
00000246: PUSH1 0xe0
00000248: SHL
00000249: DUP2
0000024a: MSTORE
0000024b: PUSH1 0x01
0000024d: PUSH1 0x01
0000024f: PUSH1 0xa0
00000251: SHL
00000252: SUB
00000253: DUP3
00000254: AND
00000255: PUSH1 0x04
00000257: DUP3
00000258: ADD
00000259: MSTORE
0000025a: PUSH1 0x24
0000025c: ADD
0000025d: JUMPDEST
0000025e: PUSH1 0x40
00000260: MLOAD
00000261: DUP1
00000262: SWAP2
00000263: SUB
00000264: SWAP1
00000265: REVERT
00000266: JUMPDEST
00000267: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
00000288: DUP1
00000289: SLOAD
0000028a: PUSH1 0x01
0000028c: PUSH1 0x01
0000028e: PUSH1 0xa0
00000290: SHL
00000291: SUB
00000292: NOT
00000293: AND
00000294: PUSH1 0x01
00000296: PUSH1 0x01
00000298: PUSH1 0xa0
0000029a: SHL
0000029b: SUB
0000029c: SWAP3
0000029d: SWAP1
0000029e: SWAP3
0000029f: AND
000002a0: SWAP2
000002a1: SWAP1
000002a2: SWAP2
000002a3: OR
000002a4: SWAP1
000002a5: SSTORE
000002a6: JUMP
000002a7: JUMPDEST
000002a8: PUSH1 0x60
000002aa: PUSH1 0x00
000002ac: DUP1
000002ad: DUP5
000002ae: PUSH1 0x01
000002b0: PUSH1 0x01
000002b2: PUSH1 0xa0
000002b4: SHL
000002b5: SUB
000002b6: AND
000002b7: DUP5
000002b8: PUSH1 0x40
000002ba: MLOAD
000002bb: PUSH2 0x02c4
000002be: SWAP2
000002bf: SWAP1
000002c0: PUSH2 0x03ed
000002c3: JUMP
000002c4: JUMPDEST
000002c5: PUSH1 0x00
000002c7: PUSH1 0x40
000002c9: MLOAD
000002ca: DUP1
000002cb: DUP4
000002cc: SUB
000002cd: DUP2
000002ce: DUP6
000002cf: GAS
000002d0: DELEGATECALL
000002d1: SWAP2
000002d2: POP
000002d3: POP
000002d4: RETURNDATASIZE
000002d5: DUP1
000002d6: PUSH1 0x00
000002d8: DUP2
000002d9: EQ
000002da: PUSH2 0x02ff
000002dd: JUMPI
000002de: PUSH1 0x40
000002e0: MLOAD
000002e1: SWAP2
000002e2: POP
000002e3: PUSH1 0x1f
000002e5: NOT
000002e6: PUSH1 0x3f
000002e8: RETURNDATASIZE
000002e9: ADD
000002ea: AND
000002eb: DUP3
000002ec: ADD
000002ed: PUSH1 0x40
000002ef: MSTORE
000002f0: RETURNDATASIZE
000002f1: DUP3
000002f2: MSTORE
000002f3: RETURNDATASIZE
000002f4: PUSH1 0x00
000002f6: PUSH1 0x20
000002f8: DUP5
000002f9: ADD
000002fa: RETURNDATACOPY
000002fb: PUSH2 0x0304
000002fe: JUMP
000002ff: JUMPDEST
00000300: PUSH1 0x60
00000302: SWAP2
00000303: POP
00000304: JUMPDEST
00000305: POP
00000306: SWAP2
00000307: POP
00000308: SWAP2
00000309: POP
0000030a: PUSH2 0x0314
0000030d: DUP6
0000030e: DUP4
0000030f: DUP4
00000310: PUSH2 0x033c
00000313: JUMP
00000314: JUMPDEST
00000315: SWAP6
00000316: SWAP5
00000317: POP
00000318: POP
00000319: POP
0000031a: POP
0000031b: POP
0000031c: JUMP
0000031d: JUMPDEST
0000031e: CALLVALUE
0000031f: ISZERO
00000320: PUSH2 0x00bf
00000323: JUMPI
00000324: PUSH1 0x40
00000326: MLOAD
00000327: PUSH4 0xb398979f
0000032c: PUSH1 0xe0
0000032e: SHL
0000032f: DUP2
00000330: MSTORE
00000331: PUSH1 0x04
00000333: ADD
00000334: PUSH1 0x40
00000336: MLOAD
00000337: DUP1
00000338: SWAP2
00000339: SUB
0000033a: SWAP1
0000033b: REVERT
0000033c: JUMPDEST
0000033d: PUSH1 0x60
0000033f: DUP3
00000340: PUSH2 0x0351
00000343: JUMPI
00000344: PUSH2 0x034c
00000347: DUP3
00000348: PUSH2 0x039b
0000034b: JUMP
0000034c: JUMPDEST
0000034d: PUSH2 0x0394
00000350: JUMP
00000351: JUMPDEST
00000352: DUP2
00000353: MLOAD
00000354: ISZERO
00000355: DUP1
00000356: ISZERO
00000357: PUSH2 0x0368
0000035a: JUMPI
0000035b: POP
0000035c: PUSH1 0x01
0000035e: PUSH1 0x01
00000360: PUSH1 0xa0
00000362: SHL
00000363: SUB
00000364: DUP5
00000365: AND
00000366: EXTCODESIZE
00000367: ISZERO
00000368: JUMPDEST
00000369: ISZERO
0000036a: PUSH2 0x0391
0000036d: JUMPI
0000036e: PUSH1 0x40
00000370: MLOAD
00000371: PUSH4 0x9996b315
00000376: PUSH1 0xe0
00000378: SHL
00000379: DUP2
0000037a: MSTORE
0000037b: PUSH1 0x01
0000037d: PUSH1 0x01
0000037f: PUSH1 0xa0
00000381: SHL
00000382: SUB
00000383: DUP6
00000384: AND
00000385: PUSH1 0x04
00000387: DUP3
00000388: ADD
00000389: MSTORE
0000038a: PUSH1 0x24
0000038c: ADD
0000038d: PUSH2 0x025d
00000390: JUMP
00000391: JUMPDEST
00000392: POP
00000393: DUP1
00000394: JUMPDEST
00000395: SWAP4
00000396: SWAP3
00000397: POP
00000398: POP
00000399: POP
0000039a: JUMP
0000039b: JUMPDEST
0000039c: DUP1
0000039d: MLOAD
0000039e: ISZERO
0000039f: PUSH2 0x03ab
000003a2: JUMPI
000003a3: DUP1
000003a4: MLOAD
000003a5: DUP1
000003a6: DUP3
000003a7: PUSH1 0x20
000003a9: ADD
000003aa: REVERT
000003ab: JUMPDEST
000003ac: PUSH1 0x40
000003ae: MLOAD
000003af: PUSH4 0x0a12f521
000003b4: PUSH1 0xe1
000003b6: SHL
000003b7: DUP2
000003b8: MSTORE
000003b9: PUSH1 0x04
000003bb: ADD
000003bc: PUSH1 0x40
000003be: MLOAD
000003bf: DUP1
000003c0: SWAP2
000003c1: SUB
000003c2: SWAP1
000003c3: REVERT
000003c4: JUMPDEST
000003c5: PUSH1 0x00
000003c7: PUSH1 0x20
000003c9: DUP3
000003ca: DUP5
000003cb: SUB
000003cc: SLT
000003cd: ISZERO
000003ce: PUSH2 0x03d6
000003d1: JUMPI
000003d2: PUSH1 0x00
000003d4: DUP1
000003d5: REVERT
000003d6: JUMPDEST
000003d7: DUP2
000003d8: CALLDATALOAD
000003d9: PUSH1 0x01
000003db: PUSH1 0x01
000003dd: PUSH1 0xa0
000003df: SHL
000003e0: SUB
000003e1: DUP2
000003e2: AND
000003e3: DUP2
000003e4: EQ
000003e5: PUSH2 0x0394
000003e8: JUMPI
000003e9: PUSH1 0x00
000003eb: DUP1
000003ec: REVERT
000003ed: JUMPDEST
000003ee: PUSH1 0x00
000003f0: DUP3
000003f1: MLOAD
000003f2: PUSH1 0x00
000003f4: JUMPDEST
000003f5: DUP2
000003f6: DUP2
000003f7: LT
000003f8: ISZERO
000003f9: PUSH2 0x040e
000003fc: JUMPI
000003fd: PUSH1 0x20
000003ff: DUP2
00000400: DUP7
00000401: ADD
00000402: DUP2
00000403: ADD
00000404: MLOAD
00000405: DUP6
00000406: DUP4
00000407: ADD
00000408: MSTORE
00000409: ADD
0000040a: PUSH2 0x03f4
0000040d: JUMP
0000040e: JUMPDEST
0000040f: POP
00000410: PUSH1 0x00
00000412: SWAP3
00000413: ADD
00000414: SWAP2
00000415: DUP3
00000416: MSTORE
00000417: POP
00000418: SWAP2
00000419: SWAP1
0000041a: POP
0000041b: JUMP
0000041c: INVALID
0000041d: LOG2
0000041e: PUSH5 0x6970667358
00000424: UNKNOWN(0x22)
00000425: SLT
00000426: KECCAK256
00000427: UNKNOWN(0xBB)
00000428: UNKNOWN(0xF8)
00000429: UNKNOWN(0x22)
0000042a: DUP3
0000042b: OR
0000042c: UNKNOWN(0xED)
0000042d: UNKNOWN(0xE0)
0000042e: UNKNOWN(0x4C)
0000042f: LT
00000430: MSTORE8
00000431: SWAP9
00000432: PUSH23 0xd7b7e1a687a8ba0164fdd5d70997dcb413b8d5b964736f
0000044a: PUSH13

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
critical upgradeability detector Untrusted DELEGATECALL target reachable 70 no no
view
trace_id: 0xc5f2db5e628cd9f32c8cd4a5e842cc443941bd66499763a55530570e35ad92d0
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "unknown",
    "attempts": 36,
    "trace_id": "0xc5f2db5e628cd9f32c8cd4a5e842cc443941bd66499763a55530570e35ad92d0",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x1ed0bf13",
            "selector": "0x1ed0bf13",
            "calldata_variants": [
                "0x1ed0bf13",
                "0x1ed0bf130000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x6d645b44",
            "selector": "0x6d645b44",
            "calldata_variants": [
                "0x6d645b44",
                "0x6d645b440000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xa37648dc",
            "selector": "0xa37648dc",
            "calldata_variants": [
                "0xa37648dc",
                "0xa37648dc0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 398,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        },
        {
            "pc": 720,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [],
    "delegatecall_count": 2,
    "untrusted_delegatecall_count": 2
}
medium upgradeability cast DELEGATECALL present 80 no
view
evidence_json 
{
    "notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
    "delegatecall_count": 2
}