TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019ba906-8cb8-7339-8f11-103ef69b144e

complete
Chain ID
1
Address
0x7304ac11be92a013da2a8a9d77330ea5c1531462
Block Number
Created
Sat, Jan 10, 2026 5:48 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Verified
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 proxy context implementation known
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
33854 artifact.fetch complete 1 / 3 3 months ago
33855 proxy.resolve complete 1 / 3 3 months ago
33856 tool.cast_disasm complete 1 / 3 3 months ago
33857 analysis.bundle complete 1 / 3 3 months ago
33858 capability.graph complete 1 / 3 3 months ago
33859 detector.run complete 1 / 3 3 months ago
33860 validation.fork complete 1 / 3 3 months ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: yes confirmed
Implementation:
0xaf565df694636516d3d1749398f25bafb99ad2d2 target (child run)
Verified Source: yes
Proxy evidence 
{
    "method": "etherscan+onchain",
    "status": "confirmed",
    "etherscan_hint": {
        "source": "etherscan",
        "etherscan": {
            "proxy_flag": true,
            "implementation": "0xaf565df694636516d3d1749398f25bafb99ad2d2"
        }
    },
    "implementation": "0xaf565df694636516d3d1749398f25bafb99ad2d2",
    "onchain_method": "eip1967"
}

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
1
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
1
EXT*/BALANCE
2
Total opcodes
590
Flags
delegatecall_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x0043
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH1 0xe0
00000012: SHR
00000013: DUP1
00000014: PUSH4 0x5c60da1b
00000019: EQ
0000001a: PUSH2 0x005a
0000001d: JUMPI
0000001e: DUP1
0000001f: PUSH4 0x8f283970
00000024: EQ
00000025: PUSH2 0x008b
00000028: JUMPI
00000029: DUP1
0000002a: PUSH4 0xd55ec697
0000002f: EQ
00000030: PUSH2 0x00ab
00000033: JUMPI
00000034: DUP1
00000035: PUSH4 0xf851a440
0000003a: EQ
0000003b: PUSH2 0x00c0
0000003e: JUMPI
0000003f: PUSH2 0x0052
00000042: JUMP
00000043: JUMPDEST
00000044: CALLDATASIZE
00000045: PUSH2 0x0052
00000048: JUMPI
00000049: PUSH2 0x0050
0000004c: PUSH2 0x00d5
0000004f: JUMP
00000050: JUMPDEST
00000051: STOP
00000052: JUMPDEST
00000053: PUSH2 0x0050
00000056: PUSH2 0x00d5
00000059: JUMP
0000005a: JUMPDEST
0000005b: CALLVALUE
0000005c: DUP1
0000005d: ISZERO
0000005e: PUSH2 0x0066
00000061: JUMPI
00000062: PUSH1 0x00
00000064: DUP1
00000065: REVERT
00000066: JUMPDEST
00000067: POP
00000068: PUSH2 0x006f
0000006b: PUSH2 0x0107
0000006e: JUMP
0000006f: JUMPDEST
00000070: PUSH1 0x40
00000072: MLOAD
00000073: PUSH1 0x01
00000075: PUSH1 0x01
00000077: PUSH1 0xa0
00000079: SHL
0000007a: SUB
0000007b: SWAP1
0000007c: SWAP2
0000007d: AND
0000007e: DUP2
0000007f: MSTORE
00000080: PUSH1 0x20
00000082: ADD
00000083: PUSH1 0x40
00000085: MLOAD
00000086: DUP1
00000087: SWAP2
00000088: SUB
00000089: SWAP1
0000008a: RETURN
0000008b: JUMPDEST
0000008c: CALLVALUE
0000008d: DUP1
0000008e: ISZERO
0000008f: PUSH2 0x0097
00000092: JUMPI
00000093: PUSH1 0x00
00000095: DUP1
00000096: REVERT
00000097: JUMPDEST
00000098: POP
00000099: PUSH2 0x0050
0000009c: PUSH2 0x00a6
0000009f: CALLDATASIZE
000000a0: PUSH1 0x04
000000a2: PUSH2 0x0408
000000a5: JUMP
000000a6: JUMPDEST
000000a7: PUSH2 0x0136
000000aa: JUMP
000000ab: JUMPDEST
000000ac: CALLVALUE
000000ad: DUP1
000000ae: ISZERO
000000af: PUSH2 0x00b7
000000b2: JUMPI
000000b3: PUSH1 0x00
000000b5: DUP1
000000b6: REVERT
000000b7: JUMPDEST
000000b8: POP
000000b9: PUSH2 0x0050
000000bc: PUSH2 0x0250
000000bf: JUMP
000000c0: JUMPDEST
000000c1: CALLVALUE
000000c2: DUP1
000000c3: ISZERO
000000c4: PUSH2 0x00cc
000000c7: JUMPI
000000c8: PUSH1 0x00
000000ca: DUP1
000000cb: REVERT
000000cc: JUMPDEST
000000cd: POP
000000ce: PUSH2 0x006f
000000d1: PUSH2 0x02e6
000000d4: JUMP
000000d5: JUMPDEST
000000d6: PUSH2 0x0105
000000d9: PUSH2 0x0100
000000dc: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
000000fd: SLOAD
000000fe: SWAP1
000000ff: JUMP
00000100: JUMPDEST
00000101: PUSH2 0x02fe
00000104: JUMP
00000105: JUMPDEST
00000106: JUMP
00000107: JUMPDEST
00000108: PUSH1 0x00
0000010a: PUSH2 0x0131
0000010d: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
0000012e: SLOAD
0000012f: SWAP1
00000130: JUMP
00000131: JUMPDEST
00000132: SWAP1
00000133: POP
00000134: SWAP1
00000135: JUMP
00000136: JUMPDEST
00000137: PUSH1 0x00
00000139: DUP1
0000013a: MLOAD
0000013b: PUSH1 0x20
0000013d: PUSH2 0x044a
00000140: DUP4
00000141: CODECOPY
00000142: DUP2
00000143: MLOAD
00000144: SWAP2
00000145: MSTORE
00000146: SLOAD
00000147: PUSH1 0x01
00000149: PUSH1 0x01
0000014b: PUSH1 0xa0
0000014d: SHL
0000014e: SUB
0000014f: AND
00000150: CALLER
00000151: SUB
00000152: PUSH2 0x0248
00000155: JUMPI
00000156: PUSH1 0x01
00000158: PUSH1 0x01
0000015a: PUSH1 0xa0
0000015c: SHL
0000015d: SUB
0000015e: DUP2
0000015f: AND
00000160: PUSH2 0x01d6
00000163: JUMPI
00000164: PUSH1 0x40
00000166: MLOAD
00000167: PUSH3 0x461bcd
0000016b: PUSH1 0xe5
0000016d: SHL
0000016e: DUP2
0000016f: MSTORE
00000170: PUSH1 0x20
00000172: PUSH1 0x04
00000174: DUP3
00000175: ADD
00000176: MSTORE
00000177: PUSH1 0x3a
00000179: PUSH1 0x24
0000017b: DUP3
0000017c: ADD
0000017d: MSTORE
0000017e: PUSH32 0x5472616e73706172656e745570677261646561626c6550726f78793a206e6577
0000019f: PUSH1 0x44
000001a1: DUP3
000001a2: ADD
000001a3: MSTORE
000001a4: PUSH32 0x2061646d696e20697320746865207a65726f2061646472657373000000000000
000001c5: PUSH1 0x64
000001c7: DUP3
000001c8: ADD
000001c9: MSTORE
000001ca: PUSH1 0x84
000001cc: ADD
000001cd: JUMPDEST
000001ce: PUSH1 0x40
000001d0: MLOAD
000001d1: DUP1
000001d2: SWAP2
000001d3: SUB
000001d4: SWAP1
000001d5: REVERT
000001d6: JUMPDEST
000001d7: PUSH32 0x7e644d79422f17c01e4894b5f4f588d331ebfa28653d42ae832dc59e38c9798f
000001f8: PUSH2 0x020d
000001fb: PUSH1 0x00
000001fd: DUP1
000001fe: MLOAD
000001ff: PUSH1 0x20
00000201: PUSH2 0x044a
00000204: DUP4
00000205: CODECOPY
00000206: DUP2
00000207: MLOAD
00000208: SWAP2
00000209: MSTORE
0000020a: SLOAD
0000020b: SWAP1
0000020c: JUMP
0000020d: JUMPDEST
0000020e: PUSH1 0x40
00000210: DUP1
00000211: MLOAD
00000212: PUSH1 0x01
00000214: PUSH1 0x01
00000216: PUSH1 0xa0
00000218: SHL
00000219: SUB
0000021a: SWAP3
0000021b: DUP4
0000021c: AND
0000021d: DUP2
0000021e: MSTORE
0000021f: SWAP2
00000220: DUP5
00000221: AND
00000222: PUSH1 0x20
00000224: DUP4
00000225: ADD
00000226: MSTORE
00000227: ADD
00000228: PUSH1 0x40
0000022a: MLOAD
0000022b: DUP1
0000022c: SWAP2
0000022d: SUB
0000022e: SWAP1
0000022f: LOG1
00000230: PUSH2 0x0245
00000233: DUP2
00000234: PUSH1 0x00
00000236: DUP1
00000237: MLOAD
00000238: PUSH1 0x20
0000023a: PUSH2 0x044a
0000023d: DUP4
0000023e: CODECOPY
0000023f: DUP2
00000240: MLOAD
00000241: SWAP2
00000242: MSTORE
00000243: SSTORE
00000244: JUMP
00000245: JUMPDEST
00000246: POP
00000247: JUMP
00000248: JUMPDEST
00000249: PUSH2 0x0245
0000024c: PUSH2 0x00d5
0000024f: JUMP
00000250: JUMPDEST
00000251: PUSH1 0x00
00000253: DUP1
00000254: MLOAD
00000255: PUSH1 0x20
00000257: PUSH2 0x044a
0000025a: DUP4
0000025b: CODECOPY
0000025c: DUP2
0000025d: MLOAD
0000025e: SWAP2
0000025f: MSTORE
00000260: SLOAD
00000261: PUSH1 0x01
00000263: PUSH1 0x01
00000265: PUSH1 0xa0
00000267: SHL
00000268: SUB
00000269: AND
0000026a: CALLER
0000026b: SUB
0000026c: PUSH2 0x02de
0000026f: JUMPI
00000270: PUSH1 0x00
00000272: ADDRESS
00000273: PUSH1 0x01
00000275: PUSH1 0x01
00000277: PUSH1 0xa0
00000279: SHL
0000027a: SUB
0000027b: AND
0000027c: PUSH4 0x16a27ecd
00000281: PUSH1 0x40
00000283: MLOAD
00000284: DUP2
00000285: PUSH4 0xffffffff
0000028a: AND
0000028b: PUSH1 0xe0
0000028d: SHL
0000028e: DUP2
0000028f: MSTORE
00000290: PUSH1 0x04
00000292: ADD
00000293: PUSH1 0x20
00000295: PUSH1 0x40
00000297: MLOAD
00000298: DUP1
00000299: DUP4
0000029a: SUB
0000029b: DUP2
0000029c: DUP7
0000029d: GAS
0000029e: STATICCALL
0000029f: ISZERO
000002a0: DUP1
000002a1: ISZERO
000002a2: PUSH2 0x02af
000002a5: JUMPI
000002a6: RETURNDATASIZE
000002a7: PUSH1 0x00
000002a9: DUP1
000002aa: RETURNDATACOPY
000002ab: RETURNDATASIZE
000002ac: PUSH1 0x00
000002ae: REVERT
000002af: JUMPDEST
000002b0: POP
000002b1: POP
000002b2: POP
000002b3: POP
000002b4: PUSH1 0x40
000002b6: MLOAD
000002b7: RETURNDATASIZE
000002b8: PUSH1 0x1f
000002ba: NOT
000002bb: PUSH1 0x1f
000002bd: DUP3
000002be: ADD
000002bf: AND
000002c0: DUP3
000002c1: ADD
000002c2: DUP1
000002c3: PUSH1 0x40
000002c5: MSTORE
000002c6: POP
000002c7: DUP2
000002c8: ADD
000002c9: SWAP1
000002ca: PUSH2 0x02d3
000002cd: SWAP2
000002ce: SWAP1
000002cf: PUSH2 0x042c
000002d2: JUMP
000002d3: JUMPDEST
000002d4: SWAP1
000002d5: POP
000002d6: PUSH2 0x0245
000002d9: DUP2
000002da: PUSH2 0x0322
000002dd: JUMP
000002de: JUMPDEST
000002df: PUSH2 0x0105
000002e2: PUSH2 0x00d5
000002e5: JUMP
000002e6: JUMPDEST
000002e7: PUSH1 0x00
000002e9: PUSH2 0x0131
000002ec: PUSH1 0x00
000002ee: DUP1
000002ef: MLOAD
000002f0: PUSH1 0x20
000002f2: PUSH2 0x044a
000002f5: DUP4
000002f6: CODECOPY
000002f7: DUP2
000002f8: MLOAD
000002f9: SWAP2
000002fa: MSTORE
000002fb: SLOAD
000002fc: SWAP1
000002fd: JUMP
000002fe: JUMPDEST
000002ff: CALLDATASIZE
00000300: PUSH1 0x00
00000302: DUP1
00000303: CALLDATACOPY
00000304: PUSH1 0x00
00000306: DUP1
00000307: CALLDATASIZE
00000308: PUSH1 0x00
0000030a: DUP5
0000030b: GAS
0000030c: DELEGATECALL
0000030d: RETURNDATASIZE
0000030e: PUSH1 0x00
00000310: DUP1
00000311: RETURNDATACOPY
00000312: DUP1
00000313: DUP1
00000314: ISZERO
00000315: PUSH2 0x031d
00000318: JUMPI
00000319: RETURNDATASIZE
0000031a: PUSH1 0x00
0000031c: RETURN
0000031d: JUMPDEST
0000031e: RETURNDATASIZE
0000031f: PUSH1 0x00
00000321: REVERT
00000322: JUMPDEST
00000323: PUSH2 0x032b
00000326: DUP2
00000327: PUSH2 0x0362
0000032a: JUMP
0000032b: JUMPDEST
0000032c: PUSH1 0x40
0000032e: MLOAD
0000032f: PUSH1 0x01
00000331: PUSH1 0x01
00000333: PUSH1 0xa0
00000335: SHL
00000336: SUB
00000337: DUP3
00000338: AND
00000339: SWAP1
0000033a: PUSH32 0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b
0000035b: SWAP1
0000035c: PUSH1 0x00
0000035e: SWAP1
0000035f: LOG2
00000360: POP
00000361: JUMP
00000362: JUMPDEST
00000363: DUP1
00000364: EXTCODESIZE
00000365: PUSH2 0x03cf
00000368: JUMPI
00000369: PUSH1 0x40
0000036b: MLOAD
0000036c: PUSH3 0x461bcd
00000370: PUSH1 0xe5
00000372: SHL
00000373: DUP2
00000374: MSTORE
00000375: PUSH1 0x20
00000377: PUSH1 0x04
00000379: DUP3
0000037a: ADD
0000037b: MSTORE
0000037c: PUSH1 0x36
0000037e: PUSH1 0x24
00000380: DUP3
00000381: ADD
00000382: MSTORE
00000383: PUSH32 0x5570677261646561626c6550726f78793a206e657720696d706c656d656e7461
000003a4: PUSH1 0x44
000003a6: DUP3
000003a7: ADD
000003a8: MSTORE
000003a9: PUSH22 0x1d1a5bdb881a5cc81b9bdd08184818dbdb9d1c9858dd
000003c0: PUSH1 0x52
000003c2: SHL
000003c3: PUSH1 0x64
000003c5: DUP3
000003c6: ADD
000003c7: MSTORE
000003c8: PUSH1 0x84
000003ca: ADD
000003cb: PUSH2 0x01cd
000003ce: JUMP
000003cf: JUMPDEST
000003d0: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
000003f1: SSTORE
000003f2: JUMP
000003f3: JUMPDEST
000003f4: PUSH1 0x01
000003f6: PUSH1 0x01
000003f8: PUSH1 0xa0
000003fa: SHL
000003fb: SUB
000003fc: DUP2
000003fd: AND
000003fe: DUP2
000003ff: EQ
00000400: PUSH2 0x0245
00000403: JUMPI
00000404: PUSH1 0x00
00000406: DUP1
00000407: REVERT
00000408: JUMPDEST
00000409: PUSH1 0x00
0000040b: PUSH1 0x20
0000040d: DUP3
0000040e: DUP5
0000040f: SUB
00000410: SLT
00000411: ISZERO
00000412: PUSH2 0x041a
00000415: JUMPI
00000416: PUSH1 0x00
00000418: DUP1
00000419: REVERT
0000041a: JUMPDEST
0000041b: DUP2
0000041c: CALLDATALOAD
0000041d: PUSH2 0x0425
00000420: DUP2
00000421: PUSH2 0x03f3
00000424: JUMP
00000425: JUMPDEST
00000426: SWAP4
00000427: SWAP3
00000428: POP
00000429: POP
0000042a: POP
0000042b: JUMP
0000042c: JUMPDEST
0000042d: PUSH1 0x00
0000042f: PUSH1 0x20
00000431: DUP3
00000432: DUP5
00000433: SUB
00000434: SLT
00000435: ISZERO
00000436: PUSH2 0x043e
00000439: JUMPI
0000043a: PUSH1 0x00
0000043c: DUP1
0000043d: REVERT
0000043e: JUMPDEST
0000043f: DUP2
00000440: MLOAD
00000441: PUSH2 0x0425
00000444: DUP2
00000445: PUSH2 0x03f3
00000448: JUMP
00000449: INVALID
0000044a: UNKNOWN(0xB5)
0000044b: BALANCE
0000044c: UNKNOWN(0x27)
0000044d: PUSH9 0x4a568b3173ae13b9f8
00000457: UNKNOWN(0xA6)
00000458: ADD
00000459: PUSH15 0x243e63b6e8ee1178d6a717850b5d61
00000469: SUB
0000046a: LOG2
0000046b: PUSH5 0x6970667358
00000471: UNKNOWN(0x22)
00000472: SLT
00000473: KECCAK256
00000474: PUSH25 0x13cadcd8925a58bba97292c74d219013bc5eeb5b34e7a38b7e
0000048e: PUSH3 0x45ab29
00000492: UNKNOWN(0xA9)
00000493: PUSH7 0x64736f6c634300
0000049b: ADDMOD
0000049c: SGT
0000049d: STOP
0000049e: CALLER

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
critical upgradeability detector Untrusted DELEGATECALL target reachable 70 no no
view
trace_id: 0x9441fd4a71da4ba8cd3be8443d9ffd06dc2a7319550b9f09881d46dbb45d0d72
call_targets: 0xaf565df694636516d3d1749398f25bafb99ad2d2
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 14,
    "trace_id": "0x9441fd4a71da4ba8cd3be8443d9ffd06dc2a7319550b9f09881d46dbb45d0d72",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0xaf565df694636516d3d1749398f25bafb99ad2d2"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x5c60da1b",
            "selector": "0x5c60da1b",
            "calldata_variants": [
                "0x5c60da1b",
                "0x5c60da1b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8f283970",
            "selector": "0x8f283970",
            "calldata_variants": [
                "0x8f283970",
                "0x8f2839700000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xd55ec697",
            "selector": "0xd55ec697",
            "calldata_variants": [
                "0xd55ec697",
                "0xd55ec6970000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf851a440",
            "selector": "0xf851a440",
            "calldata_variants": [
                "0xf851a440",
                "0xf851a4400000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 780,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [],
    "delegatecall_count": 1,
    "untrusted_delegatecall_count": 1
}
medium upgradeability cast DELEGATECALL present 80 no
view
evidence_json 
{
    "notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
    "delegatecall_count": 1
}