TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019ba90f-8384-73d0-9600-563d28e84550

complete
Chain ID
1
Address
0xbcda8ee352778071fc7f09b8bfbcd832aa09cee9
Block Number
Created
Sat, Jan 10, 2026 5:58 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Verified
Review Backing
Not yet
Best current signal
DELEGATECALL present
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
34792 artifact.fetch complete 1 / 3 3 months ago
34793 proxy.resolve complete 1 / 3 3 months ago
34794 tool.cast_disasm complete 1 / 3 3 months ago
34795 analysis.bundle complete 1 / 3 3 months ago
34796 capability.graph complete 1 / 3 3 months ago
34797 detector.run complete 1 / 3 3 months ago
34798 validation.fork complete 1 / 3 3 months ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no not_proxy
Implementation:
Verified Source: yes
Proxy evidence 
{
    "status": "not_proxy"
}

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
1
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
0
EXT*/BALANCE
0
Total opcodes
128
Flags
delegatecall_present
View cast disassembly output 
00000000: RETURNDATASIZE
00000001: RETURNDATASIZE
00000002: RETURNDATASIZE
00000003: RETURNDATASIZE
00000004: CALLDATASIZE
00000005: RETURNDATASIZE
00000006: RETURNDATASIZE
00000007: CALLDATACOPY
00000008: PUSH2 0x007f
0000000b: PUSH1 0x37
0000000d: CALLDATASIZE
0000000e: CODECOPY
0000000f: CALLDATASIZE
00000010: PUSH2 0x007f
00000013: ADD
00000014: RETURNDATASIZE
00000015: PUSH20 0x4b3b9a972a884e37fd675ee57f6998da0be47e26
0000002a: GAS
0000002b: DELEGATECALL
0000002c: RETURNDATASIZE
0000002d: RETURNDATASIZE
0000002e: SWAP4
0000002f: DUP1
00000030: RETURNDATACOPY
00000031: PUSH1 0x35
00000033: JUMPI
00000034: REVERT
00000035: JUMPDEST
00000036: RETURN
00000037: STOP
00000038: SWAP11
00000039: SWAP7
0000003a: UNKNOWN(0xEC)
0000003b: SWAP12
0000003c: JUMPI
0000003d: UNKNOWN(0xFB)
0000003e: PUSH5 0xfbc60b423d
00000044: UNKNOWN(0x1F)
00000045: UNKNOWN(0x4D)
00000046: UNKNOWN(0xA7)
00000047: PUSH10 0x1bd3507980ac24aa929e
00000052: UNKNOWN(0xAF)
00000053: POP
00000054: SGT
00000055: UNKNOWN(0xF6)
00000056: NUMBER
00000057: PUSH13 0xda2a7ba190f5cc0ba0b86991c6
00000065: UNKNOWN(0x21)
00000066: DUP12
00000067: CALLDATASIZE
00000068: UNKNOWN(0xC1)
00000069: UNKNOWN(0xD1)
0000006a: SWAP14
0000006b: BLOBBASEFEE
0000006c: UNKNOWN(0x2E)
0000006d: SWAP15
0000006e: UNKNOWN(0xB0)
0000006f: UNKNOWN(0xCE)
00000070: CALLDATASIZE
00000071: MOD
00000072: UNKNOWN(0xEB)
00000073: BASEFEE
00000074: STOP
00000075: STOP
00000076: STOP
00000077: STOP
00000078: STOP
00000079: STOP
0000007a: STOP
0000007b: STOP
0000007c: STOP
0000007d: STOP
0000007e: STOP
0000007f: STOP
00000080: STOP
00000081: STOP
00000082: STOP
00000083: STOP
00000084: STOP
00000085: STOP
00000086: STOP
00000087: STOP
00000088: STOP
00000089: STOP
0000008a: STOP
0000008b: STOP
0000008c: STOP
0000008d: STOP
0000008e: STOP
0000008f: UNKNOWN(0xE8)
00000090: UNKNOWN(0xD4)
00000091: UNKNOWN(0xA5)
00000092: LT
00000093: STOP
00000094: STOP
00000095: STOP
00000096: STOP
00000097: STOP
00000098: STOP
00000099: STOP
0000009a: STOP
0000009b: STOP
0000009c: STOP
0000009d: STOP
0000009e: STOP
0000009f: STOP
000000a0: STOP
000000a1: STOP
000000a2: STOP
000000a3: STOP
000000a4: STOP
000000a5: STOP
000000a6: STOP
000000a7: STOP
000000a8: STOP
000000a9: STOP
000000aa: STOP
000000ab: STOP
000000ac: STOP
000000ad: STOP
000000ae: STOP
000000af: UNKNOWN(0xE8)
000000b0: UNKNOWN(0xD4)
000000b1: UNKNOWN(0xA5)
000000b2: LT
000000b3: STOP
000000b4: STOP
000000b5: PUSH30

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
medium upgradeability cast DELEGATECALL present 80 no
view
evidence_json 
{
    "notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
    "delegatecall_count": 1
}