TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019ba8b4-4f42-7395-a900-9a2e5a25ba8f

complete
Chain ID
1
Address
0xd402937b3ff3c187f727c1146a9e846275e9f711
Block Number
Created
Sat, Jan 10, 2026 4:19 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Verified
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 proxy context implementation known
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
32706 artifact.fetch complete 1 / 3 3 months ago
32707 proxy.resolve complete 1 / 3 3 months ago
32708 tool.cast_disasm complete 1 / 3 3 months ago
32709 analysis.bundle complete 1 / 3 3 months ago
32710 capability.graph complete 1 / 3 3 months ago
32711 detector.run complete 1 / 3 3 months ago
32712 validation.fork complete 1 / 3 3 months ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: yes confirmed
Implementation:
0x06a56487494aa080dec7bf69128eda9225784553 target (child run)
Verified Source: yes
Proxy evidence 
{
    "method": "etherscan+onchain",
    "status": "confirmed",
    "etherscan_hint": {
        "source": "etherscan",
        "etherscan": {
            "proxy_flag": true,
            "implementation": "0x06a56487494aa080dec7bf69128eda9225784553"
        }
    },
    "implementation": "0x06a56487494aa080dec7bf69128eda9225784553",
    "onchain_method": "beacon"
}

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
2
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
1
EXT*/BALANCE
0
Total opcodes
274
Flags
delegatecall_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x0185
0000000c: JUMPI
0000000d: PUSH0
0000000e: CALLDATALOAD
0000000f: PUSH1 0xe0
00000011: SHR
00000012: DUP1
00000013: PUSH4 0x5c60da1b
00000018: EQ
00000019: PUSH2 0x0073
0000001c: JUMPI
0000001d: PUSH4 0x6d371894
00000022: SUB
00000023: PUSH2 0x0185
00000026: JUMPI
00000027: CALLVALUE
00000028: PUSH2 0x006f
0000002b: JUMPI
0000002c: PUSH0
0000002d: CALLDATASIZE
0000002e: PUSH1 0x03
00000030: NOT
00000031: ADD
00000032: SLT
00000033: PUSH2 0x006f
00000036: JUMPI
00000037: PUSH32 0x8d75cfa6c9a3cd2fb8b6d445eafb32adc5497a45b333009f9000379f7024f9f5
00000058: SLOAD
00000059: PUSH1 0x40
0000005b: MLOAD
0000005c: PUSH1 0x01
0000005e: PUSH1 0x01
00000060: PUSH1 0xa0
00000062: SHL
00000063: SUB
00000064: SWAP1
00000065: SWAP2
00000066: AND
00000067: ISZERO
00000068: ISZERO
00000069: DUP2
0000006a: MSTORE
0000006b: PUSH1 0x20
0000006d: SWAP1
0000006e: RETURN
0000006f: JUMPDEST
00000070: PUSH0
00000071: DUP1
00000072: REVERT
00000073: JUMPDEST
00000074: CALLVALUE
00000075: PUSH2 0x006f
00000078: JUMPI
00000079: PUSH0
0000007a: CALLDATASIZE
0000007b: PUSH1 0x03
0000007d: NOT
0000007e: ADD
0000007f: SLT
00000080: PUSH2 0x006f
00000083: JUMPI
00000084: PUSH1 0x20
00000086: PUSH2 0x008d
00000089: PUSH2 0x009f
0000008c: JUMP
0000008d: JUMPDEST
0000008e: PUSH1 0x40
00000090: MLOAD
00000091: PUSH1 0x01
00000093: PUSH1 0x01
00000095: PUSH1 0xa0
00000097: SHL
00000098: SUB
00000099: SWAP1
0000009a: SWAP2
0000009b: AND
0000009c: DUP2
0000009d: MSTORE
0000009e: RETURN
0000009f: JUMPDEST
000000a0: PUSH32 0x8d75cfa6c9a3cd2fb8b6d445eafb32adc5497a45b333009f9000379f7024f9f5
000000c1: SLOAD
000000c2: PUSH1 0x01
000000c4: PUSH1 0x01
000000c6: PUSH1 0xa0
000000c8: SHL
000000c9: SUB
000000ca: SWAP1
000000cb: DUP2
000000cc: AND
000000cd: DUP1
000000ce: PUSH2 0x0180
000000d1: JUMPI
000000d2: POP
000000d3: PUSH1 0x20
000000d5: PUSH1 0x04
000000d7: SWAP2
000000d8: PUSH1 0x40
000000da: MLOAD
000000db: SWAP3
000000dc: DUP4
000000dd: DUP1
000000de: SWAP3
000000df: PUSH4 0x5c60da1b
000000e4: PUSH1 0xe0
000000e6: SHL
000000e7: DUP3
000000e8: MSTORE
000000e9: PUSH32 0x0000000000000000000000005fbe8cef9ccc56ad245736d3c5baf82ad54ca789
0000010a: AND
0000010b: GAS
0000010c: STATICCALL
0000010d: SWAP1
0000010e: DUP2
0000010f: ISZERO
00000110: PUSH2 0x0175
00000113: JUMPI
00000114: PUSH0
00000115: SWAP2
00000116: PUSH2 0x011d
00000119: JUMPI
0000011a: POP
0000011b: SWAP1
0000011c: JUMP
0000011d: JUMPDEST
0000011e: PUSH1 0x20
00000120: SWAP2
00000121: POP
00000122: RETURNDATASIZE
00000123: DUP3
00000124: GT
00000125: PUSH2 0x016d
00000128: JUMPI
00000129: JUMPDEST
0000012a: PUSH1 0x1f
0000012c: DUP3
0000012d: ADD
0000012e: PUSH1 0x1f
00000130: NOT
00000131: AND
00000132: DUP2
00000133: ADD
00000134: SWAP2
00000135: PUSH8 0xffffffffffffffff
0000013e: DUP4
0000013f: GT
00000140: DUP3
00000141: DUP5
00000142: LT
00000143: OR
00000144: PUSH2 0x0159
00000147: JUMPI
00000148: PUSH2 0x0156
0000014b: SWAP3
0000014c: PUSH1 0x40
0000014e: MSTORE
0000014f: DUP2
00000150: ADD
00000151: SWAP1
00000152: PUSH2 0x01a9
00000155: JUMP
00000156: JUMPDEST
00000157: SWAP1
00000158: JUMP
00000159: JUMPDEST
0000015a: PUSH4 0x4e487b71
0000015f: PUSH1 0xe0
00000161: SHL
00000162: PUSH0
00000163: MSTORE
00000164: PUSH1 0x41
00000166: PUSH1 0x04
00000168: MSTORE
00000169: PUSH1 0x24
0000016b: PUSH0
0000016c: REVERT
0000016d: JUMPDEST
0000016e: RETURNDATASIZE
0000016f: SWAP2
00000170: POP
00000171: PUSH2 0x0129
00000174: JUMP
00000175: JUMPDEST
00000176: PUSH1 0x40
00000178: MLOAD
00000179: RETURNDATASIZE
0000017a: PUSH0
0000017b: DUP3
0000017c: RETURNDATACOPY
0000017d: RETURNDATASIZE
0000017e: SWAP1
0000017f: REVERT
00000180: JUMPDEST
00000181: SWAP1
00000182: POP
00000183: SWAP1
00000184: JUMP
00000185: JUMPDEST
00000186: PUSH0
00000187: DUP1
00000188: PUSH2 0x018f
0000018b: PUSH2 0x009f
0000018e: JUMP
0000018f: JUMPDEST
00000190: CALLDATASIZE
00000191: DUP3
00000192: DUP1
00000193: CALLDATACOPY
00000194: DUP2
00000195: CALLDATASIZE
00000196: SWAP2
00000197: GAS
00000198: DELEGATECALL
00000199: RETURNDATASIZE
0000019a: PUSH0
0000019b: DUP1
0000019c: RETURNDATACOPY
0000019d: ISZERO
0000019e: PUSH2 0x01a5
000001a1: JUMPI
000001a2: RETURNDATASIZE
000001a3: PUSH0
000001a4: RETURN
000001a5: JUMPDEST
000001a6: RETURNDATASIZE
000001a7: PUSH0
000001a8: REVERT
000001a9: JUMPDEST
000001aa: SWAP1
000001ab: DUP2
000001ac: PUSH1 0x20
000001ae: SWAP2
000001af: SUB
000001b0: SLT
000001b1: PUSH2 0x006f
000001b4: JUMPI
000001b5: MLOAD
000001b6: PUSH1 0x01
000001b8: PUSH1 0x01
000001ba: PUSH1 0xa0
000001bc: SHL
000001bd: SUB
000001be: DUP2
000001bf: AND
000001c0: DUP2
000001c1: SUB
000001c2: PUSH2 0x006f
000001c5: JUMPI
000001c6: SWAP1
000001c7: JUMP
000001c8: INVALID
000001c9: LOG2
000001ca: PUSH5 0x6970667358
000001d0: UNKNOWN(0x22)
000001d1: SLT
000001d2: KECCAK256
000001d3: DUP11
000001d4: SWAP1
000001d5: JUMP
000001d6: UNKNOWN(0xB0)
000001d7: SDIV
000001d8: DUP5
000001d9: DELEGATECALL
000001da: UNKNOWN(0xB3)
000001db: AND
000001dc: SWAP6
000001dd: SSTORE
000001de: PUSH32

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
critical upgradeability detector Untrusted DELEGATECALL target reachable 70 no no
view
trace_id: 0x77450baf4d3e8a0bac6b59d89f27b1e37ce9ad30506b10ddc989f15ef6a3a8eb
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "unknown",
    "attempts": 12,
    "trace_id": "0x77450baf4d3e8a0bac6b59d89f27b1e37ce9ad30506b10ddc989f15ef6a3a8eb",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x5c60da1b",
            "selector": "0x5c60da1b",
            "calldata_variants": [
                "0x5c60da1b",
                "0x5c60da1b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 408,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        },
        {
            "pc": 473,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [],
    "delegatecall_count": 2,
    "untrusted_delegatecall_count": 2
}
medium upgradeability cast DELEGATECALL present 80 no
view
evidence_json 
{
    "notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
    "delegatecall_count": 2
}