TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019ba8a4-ffe4-709e-b313-bf3b8c3c6a41

complete
Chain ID
1
Address
0xd17b3c9784510e33cd5b87b490e79253bcd81e2e
Block Number
Created
Sat, Jan 10, 2026 4:02 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Verified
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 proxy context implementation known
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
32355 artifact.fetch complete 1 / 3 3 months ago
32356 proxy.resolve complete 1 / 3 3 months ago
32357 tool.cast_disasm complete 1 / 3 3 months ago
32358 analysis.bundle complete 1 / 3 3 months ago
32359 capability.graph complete 1 / 3 3 months ago
32360 detector.run complete 1 / 3 3 months ago
32361 validation.fork complete 1 / 3 3 months ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: yes confirmed
Implementation:
0xaf780de01dc9c6ff4c29c6556b4666e852951584 target (child run)
Verified Source: yes
Proxy evidence 
{
    "method": "etherscan+onchain",
    "status": "confirmed",
    "etherscan_hint": {
        "source": "etherscan",
        "etherscan": {
            "proxy_flag": true,
            "implementation": "0xaf780de01dc9c6ff4c29c6556b4666e852951584"
        }
    },
    "implementation": "0xaf780de01dc9c6ff4c29c6556b4666e852951584",
    "onchain_method": "eip1967"
}

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
1
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
0
EXT*/BALANCE
0
Total opcodes
593
Flags
delegatecall_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x0043
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH1 0xe0
00000012: SHR
00000013: DUP1
00000014: PUSH4 0x5c60da1b
00000019: EQ
0000001a: PUSH2 0x005a
0000001d: JUMPI
0000001e: DUP1
0000001f: PUSH4 0x704b6c02
00000024: EQ
00000025: PUSH2 0x0085
00000028: JUMPI
00000029: DUP1
0000002a: PUSH4 0xd784d426
0000002f: EQ
00000030: PUSH2 0x00a5
00000033: JUMPI
00000034: DUP1
00000035: PUSH4 0xf851a440
0000003a: EQ
0000003b: PUSH2 0x00c5
0000003e: JUMPI
0000003f: PUSH2 0x0052
00000042: JUMP
00000043: JUMPDEST
00000044: CALLDATASIZE
00000045: PUSH2 0x0052
00000048: JUMPI
00000049: PUSH2 0x0050
0000004c: PUSH2 0x00da
0000004f: JUMP
00000050: JUMPDEST
00000051: STOP
00000052: JUMPDEST
00000053: PUSH2 0x0050
00000056: PUSH2 0x00da
00000059: JUMP
0000005a: JUMPDEST
0000005b: CALLVALUE
0000005c: DUP1
0000005d: ISZERO
0000005e: PUSH2 0x0066
00000061: JUMPI
00000062: PUSH1 0x00
00000064: DUP1
00000065: REVERT
00000066: JUMPDEST
00000067: POP
00000068: PUSH2 0x006f
0000006b: PUSH2 0x010a
0000006e: JUMP
0000006f: JUMPDEST
00000070: PUSH1 0x40
00000072: MLOAD
00000073: PUSH2 0x007c
00000076: SWAP2
00000077: SWAP1
00000078: PUSH2 0x0377
0000007b: JUMP
0000007c: JUMPDEST
0000007d: PUSH1 0x40
0000007f: MLOAD
00000080: DUP1
00000081: SWAP2
00000082: SUB
00000083: SWAP1
00000084: RETURN
00000085: JUMPDEST
00000086: CALLVALUE
00000087: DUP1
00000088: ISZERO
00000089: PUSH2 0x0091
0000008c: JUMPI
0000008d: PUSH1 0x00
0000008f: DUP1
00000090: REVERT
00000091: JUMPDEST
00000092: POP
00000093: PUSH2 0x0050
00000096: PUSH2 0x00a0
00000099: CALLDATASIZE
0000009a: PUSH1 0x04
0000009c: PUSH2 0x0349
0000009f: JUMP
000000a0: JUMPDEST
000000a1: PUSH2 0x012f
000000a4: JUMP
000000a5: JUMPDEST
000000a6: CALLVALUE
000000a7: DUP1
000000a8: ISZERO
000000a9: PUSH2 0x00b1
000000ac: JUMPI
000000ad: PUSH1 0x00
000000af: DUP1
000000b0: REVERT
000000b1: JUMPDEST
000000b2: POP
000000b3: PUSH2 0x0050
000000b6: PUSH2 0x00c0
000000b9: CALLDATASIZE
000000ba: PUSH1 0x04
000000bc: PUSH2 0x0349
000000bf: JUMP
000000c0: JUMPDEST
000000c1: PUSH2 0x01d2
000000c4: JUMP
000000c5: JUMPDEST
000000c6: CALLVALUE
000000c7: DUP1
000000c8: ISZERO
000000c9: PUSH2 0x00d1
000000cc: JUMPI
000000cd: PUSH1 0x00
000000cf: DUP1
000000d0: REVERT
000000d1: JUMPDEST
000000d2: POP
000000d3: PUSH2 0x006f
000000d6: PUSH2 0x02c4
000000d9: JUMP
000000da: JUMPDEST
000000db: PUSH1 0x00
000000dd: PUSH2 0x00e4
000000e0: PUSH2 0x010a
000000e3: JUMP
000000e4: JUMPDEST
000000e5: SWAP1
000000e6: POP
000000e7: CALLDATASIZE
000000e8: PUSH1 0x00
000000ea: DUP1
000000eb: CALLDATACOPY
000000ec: PUSH1 0x00
000000ee: DUP1
000000ef: CALLDATASIZE
000000f0: PUSH1 0x00
000000f2: DUP5
000000f3: GAS
000000f4: DELEGATECALL
000000f5: RETURNDATASIZE
000000f6: PUSH1 0x00
000000f8: DUP1
000000f9: RETURNDATACOPY
000000fa: DUP1
000000fb: DUP1
000000fc: ISZERO
000000fd: PUSH2 0x0105
00000100: JUMPI
00000101: RETURNDATASIZE
00000102: PUSH1 0x00
00000104: RETURN
00000105: JUMPDEST
00000106: RETURNDATASIZE
00000107: PUSH1 0x00
00000109: REVERT
0000010a: JUMPDEST
0000010b: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
0000012c: SLOAD
0000012d: SWAP1
0000012e: JUMP
0000012f: JUMPDEST
00000130: PUSH1 0x00
00000132: PUSH2 0x0139
00000135: PUSH2 0x02c4
00000138: JUMP
00000139: JUMPDEST
0000013a: SWAP1
0000013b: POP
0000013c: CALLER
0000013d: PUSH1 0x01
0000013f: PUSH1 0x01
00000141: PUSH1 0xa0
00000143: SHL
00000144: SUB
00000145: DUP3
00000146: AND
00000147: EQ
00000148: PUSH2 0x016c
0000014b: JUMPI
0000014c: PUSH1 0x40
0000014e: MLOAD
0000014f: PUSH3 0x461bcd
00000153: PUSH1 0xe5
00000155: SHL
00000156: DUP2
00000157: MSTORE
00000158: PUSH1 0x04
0000015a: ADD
0000015b: PUSH2 0x0163
0000015e: SWAP1
0000015f: PUSH2 0x03e1
00000162: JUMP
00000163: JUMPDEST
00000164: PUSH1 0x40
00000166: MLOAD
00000167: DUP1
00000168: SWAP2
00000169: SUB
0000016a: SWAP1
0000016b: REVERT
0000016c: JUMPDEST
0000016d: DUP1
0000016e: PUSH1 0x01
00000170: PUSH1 0x01
00000172: PUSH1 0xa0
00000174: SHL
00000175: SUB
00000176: AND
00000177: DUP3
00000178: PUSH1 0x01
0000017a: PUSH1 0x01
0000017c: PUSH1 0xa0
0000017e: SHL
0000017f: SUB
00000180: AND
00000181: EQ
00000182: ISZERO
00000183: PUSH2 0x019e
00000186: JUMPI
00000187: PUSH1 0x40
00000189: MLOAD
0000018a: PUSH3 0x461bcd
0000018e: PUSH1 0xe5
00000190: SHL
00000191: DUP2
00000192: MSTORE
00000193: PUSH1 0x04
00000195: ADD
00000196: PUSH2 0x0163
00000199: SWAP1
0000019a: PUSH2 0x03a5
0000019d: JUMP
0000019e: JUMPDEST
0000019f: PUSH1 0x01
000001a1: PUSH1 0x01
000001a3: PUSH1 0xa0
000001a5: SHL
000001a6: SUB
000001a7: DUP3
000001a8: AND
000001a9: PUSH2 0x01c4
000001ac: JUMPI
000001ad: PUSH1 0x40
000001af: MLOAD
000001b0: PUSH3 0x461bcd
000001b4: PUSH1 0xe5
000001b6: SHL
000001b7: DUP2
000001b8: MSTORE
000001b9: PUSH1 0x04
000001bb: ADD
000001bc: PUSH2 0x0163
000001bf: SWAP1
000001c0: PUSH2 0x03c3
000001c3: JUMP
000001c4: JUMPDEST
000001c5: PUSH2 0x01ce
000001c8: DUP2
000001c9: DUP4
000001ca: PUSH2 0x02e9
000001cd: JUMP
000001ce: JUMPDEST
000001cf: POP
000001d0: POP
000001d1: JUMP
000001d2: JUMPDEST
000001d3: PUSH2 0x01da
000001d6: PUSH2 0x02c4
000001d9: JUMP
000001da: JUMPDEST
000001db: PUSH1 0x01
000001dd: PUSH1 0x01
000001df: PUSH1 0xa0
000001e1: SHL
000001e2: SUB
000001e3: AND
000001e4: CALLER
000001e5: PUSH1 0x01
000001e7: PUSH1 0x01
000001e9: PUSH1 0xa0
000001eb: SHL
000001ec: SUB
000001ed: AND
000001ee: EQ
000001ef: PUSH2 0x020a
000001f2: JUMPI
000001f3: PUSH1 0x40
000001f5: MLOAD
000001f6: PUSH3 0x461bcd
000001fa: PUSH1 0xe5
000001fc: SHL
000001fd: DUP2
000001fe: MSTORE
000001ff: PUSH1 0x04
00000201: ADD
00000202: PUSH2 0x0163
00000205: SWAP1
00000206: PUSH2 0x03e1
00000209: JUMP
0000020a: JUMPDEST
0000020b: PUSH2 0x0212
0000020e: PUSH2 0x010a
00000211: JUMP
00000212: JUMPDEST
00000213: PUSH1 0x01
00000215: PUSH1 0x01
00000217: PUSH1 0xa0
00000219: SHL
0000021a: SUB
0000021b: AND
0000021c: DUP2
0000021d: PUSH1 0x01
0000021f: PUSH1 0x01
00000221: PUSH1 0xa0
00000223: SHL
00000224: SUB
00000225: AND
00000226: EQ
00000227: ISZERO
00000228: PUSH2 0x0243
0000022b: JUMPI
0000022c: PUSH1 0x40
0000022e: MLOAD
0000022f: PUSH3 0x461bcd
00000233: PUSH1 0xe5
00000235: SHL
00000236: DUP2
00000237: MSTORE
00000238: PUSH1 0x04
0000023a: ADD
0000023b: PUSH2 0x0163
0000023e: SWAP1
0000023f: PUSH2 0x03a5
00000242: JUMP
00000243: JUMPDEST
00000244: PUSH1 0x01
00000246: PUSH1 0x01
00000248: PUSH1 0xa0
0000024a: SHL
0000024b: SUB
0000024c: DUP2
0000024d: AND
0000024e: PUSH2 0x0269
00000251: JUMPI
00000252: PUSH1 0x40
00000254: MLOAD
00000255: PUSH3 0x461bcd
00000259: PUSH1 0xe5
0000025b: SHL
0000025c: DUP2
0000025d: MSTORE
0000025e: PUSH1 0x04
00000260: ADD
00000261: PUSH2 0x0163
00000264: SWAP1
00000265: PUSH2 0x03c3
00000268: JUMP
00000269: JUMPDEST
0000026a: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
0000028b: DUP2
0000028c: SWAP1
0000028d: SSTORE
0000028e: PUSH1 0x40
00000290: MLOAD
00000291: PUSH1 0x01
00000293: PUSH1 0x01
00000295: PUSH1 0xa0
00000297: SHL
00000298: SUB
00000299: DUP3
0000029a: AND
0000029b: SWAP1
0000029c: PUSH32 0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b
000002bd: SWAP1
000002be: PUSH1 0x00
000002c0: SWAP1
000002c1: LOG2
000002c2: POP
000002c3: JUMP
000002c4: JUMPDEST
000002c5: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
000002e6: SLOAD
000002e7: SWAP1
000002e8: JUMP
000002e9: JUMPDEST
000002ea: DUP1
000002eb: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
0000030c: SSTORE
0000030d: PUSH32 0x7e644d79422f17c01e4894b5f4f588d331ebfa28653d42ae832dc59e38c9798f
0000032e: DUP3
0000032f: DUP3
00000330: PUSH1 0x40
00000332: MLOAD
00000333: PUSH2 0x033d
00000336: SWAP3
00000337: SWAP2
00000338: SWAP1
00000339: PUSH2 0x038b
0000033c: JUMP
0000033d: JUMPDEST
0000033e: PUSH1 0x40
00000340: MLOAD
00000341: DUP1
00000342: SWAP2
00000343: SUB
00000344: SWAP1
00000345: LOG1
00000346: POP
00000347: POP
00000348: JUMP
00000349: JUMPDEST
0000034a: PUSH1 0x00
0000034c: PUSH1 0x20
0000034e: DUP3
0000034f: DUP5
00000350: SUB
00000351: SLT
00000352: ISZERO
00000353: PUSH2 0x035a
00000356: JUMPI
00000357: DUP1
00000358: DUP2
00000359: REVERT
0000035a: JUMPDEST
0000035b: DUP2
0000035c: CALLDATALOAD
0000035d: PUSH1 0x01
0000035f: PUSH1 0x01
00000361: PUSH1 0xa0
00000363: SHL
00000364: SUB
00000365: DUP2
00000366: AND
00000367: DUP2
00000368: EQ
00000369: PUSH2 0x0370
0000036c: JUMPI
0000036d: DUP2
0000036e: DUP3
0000036f: REVERT
00000370: JUMPDEST
00000371: SWAP4
00000372: SWAP3
00000373: POP
00000374: POP
00000375: POP
00000376: JUMP
00000377: JUMPDEST
00000378: PUSH1 0x01
0000037a: PUSH1 0x01
0000037c: PUSH1 0xa0
0000037e: SHL
0000037f: SUB
00000380: SWAP2
00000381: SWAP1
00000382: SWAP2
00000383: AND
00000384: DUP2
00000385: MSTORE
00000386: PUSH1 0x20
00000388: ADD
00000389: SWAP1
0000038a: JUMP
0000038b: JUMPDEST
0000038c: PUSH1 0x01
0000038e: PUSH1 0x01
00000390: PUSH1 0xa0
00000392: SHL
00000393: SUB
00000394: SWAP3
00000395: DUP4
00000396: AND
00000397: DUP2
00000398: MSTORE
00000399: SWAP2
0000039a: AND
0000039b: PUSH1 0x20
0000039d: DUP3
0000039e: ADD
0000039f: MSTORE
000003a0: PUSH1 0x40
000003a2: ADD
000003a3: SWAP1
000003a4: JUMP
000003a5: JUMPDEST
000003a6: PUSH1 0x20
000003a8: DUP1
000003a9: DUP3
000003aa: MSTORE
000003ab: PUSH1 0x04
000003ad: SWAP1
000003ae: DUP3
000003af: ADD
000003b0: MSTORE
000003b1: PUSH4 0x50583031
000003b6: PUSH1 0xe0
000003b8: SHL
000003b9: PUSH1 0x40
000003bb: DUP3
000003bc: ADD
000003bd: MSTORE
000003be: PUSH1 0x60
000003c0: ADD
000003c1: SWAP1
000003c2: JUMP
000003c3: JUMPDEST
000003c4: PUSH1 0x20
000003c6: DUP1
000003c7: DUP3
000003c8: MSTORE
000003c9: PUSH1 0x04
000003cb: SWAP1
000003cc: DUP3
000003cd: ADD
000003ce: MSTORE
000003cf: PUSH4 0x282c1819
000003d4: PUSH1 0xe1
000003d6: SHL
000003d7: PUSH1 0x40
000003d9: DUP3
000003da: ADD
000003db: MSTORE
000003dc: PUSH1 0x60
000003de: ADD
000003df: SWAP1
000003e0: JUMP
000003e1: JUMPDEST
000003e2: PUSH1 0x20
000003e4: DUP1
000003e5: DUP3
000003e6: MSTORE
000003e7: PUSH1 0x04
000003e9: SWAP1
000003ea: DUP3
000003eb: ADD
000003ec: MSTORE
000003ed: PUSH4 0x05058303
000003f2: PUSH1 0xe4
000003f4: SHL
000003f5: PUSH1 0x40
000003f7: DUP3
000003f8: ADD
000003f9: MSTORE
000003fa: PUSH1 0x60
000003fc: ADD
000003fd: SWAP1
000003fe: JUMP
000003ff: INVALID
00000400: LOG2
00000401: PUSH5 0x6970667358
00000407: UNKNOWN(0x22)
00000408: SLT
00000409: KECCAK256
0000040a: UNKNOWN(0xD6)
0000040b: UNKNOWN(0xC3)
0000040c: UNKNOWN(0x29)
0000040d: UNKNOWN(0x4D)
0000040e: PUSH9 0xfd1d5446e9fba39af9
00000418: UNKNOWN(0xBC)
00000419: GT
0000041a: LOG1
0000041b: DUP16
0000041c: DUP7
0000041d: UNKNOWN(0xE1)
0000041e: SWAP3
0000041f: UNKNOWN(0x2C)
00000420: UNKNOWN(0x29)
00000421: UNKNOWN(0xF6)
00000422: UNKNOWN(0x4D)
00000423: UNKNOWN(0xC7)
00000424: UNKNOWN(0x0E)
00000425: UNKNOWN(0x4F)
00000426: UNKNOWN(0x0E)
00000427: UNKNOWN(0xEF)
00000428: UNKNOWN(0x28)
00000429: ADDRESS
0000042a: PUSH5 0x736f6c6343
00000430: STOP
00000431: SMOD
00000432: MOD
00000433: STOP
00000434: CALLER

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
critical upgradeability detector Untrusted DELEGATECALL target reachable 70 no no
view
trace_id: 0x765e195ba1a108fb98b8abaaaadfd03ed0c2fccde9ef9a2e2756c46b085696f5
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "unknown",
    "attempts": 48,
    "trace_id": "0x765e195ba1a108fb98b8abaaaadfd03ed0c2fccde9ef9a2e2756c46b085696f5",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x5c60da1b",
            "selector": "0x5c60da1b",
            "calldata_variants": [
                "0x5c60da1b",
                "0x5c60da1b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x704b6c02",
            "selector": "0x704b6c02",
            "calldata_variants": [
                "0x704b6c02",
                "0x704b6c020000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xd784d426",
            "selector": "0xd784d426",
            "calldata_variants": [
                "0xd784d426",
                "0xd784d4260000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf851a440",
            "selector": "0xf851a440",
            "calldata_variants": [
                "0xf851a440",
                "0xf851a4400000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 244,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [],
    "delegatecall_count": 1,
    "untrusted_delegatecall_count": 1
}
medium upgradeability cast DELEGATECALL present 80 no
view
evidence_json 
{
    "notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
    "delegatecall_count": 1
}