Analysis Run

019ba92a-2de4-716e-8292-1845456d524b

complete

Chain ID

1

Address

0xef1f7a08151386722649c1b2406d1d92495ab2a0

Block Number

—

Created

Sat, Jan 10, 2026 6:27 PM

Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract

Confirmed

0

Validated

0

Source

Bytecode only

Review Backing

Not yet

Best current signal

Authorization based on tx.origin

crit 0 high 0 direct contract

Review Checklist

1. Read the findings table first. Ignore raw jobs until the result looks real.

2. Confirm attacker control, not just the existence of a sink.

3. Confirm money or privilege impact.

4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts

ID	Type	Status	Attempts	Heartbeat
35326	artifact.fetch	complete	1 / 3	3 months ago
35327	proxy.resolve	complete	1 / 3	3 months ago
35328	tool.cast_disasm	complete	1 / 3	3 months ago
35329	analysis.bundle	complete	1 / 3	3 months ago
35330	capability.graph	complete	1 / 3	3 months ago
35331	detector.run	complete	1 / 3	3 months ago
35332	validation.fork	complete	1 / 3	3 months ago

Artifact

Runtime bytecode: available

Creation TX: —

Deployer: —

Proxy: no not_proxy

Implementation:

—

Verified Source: no

Proxy evidence

{
    "status": "not_proxy"
}

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm

Delegatecall

0

Selfdestruct

0

CREATE2

1

CALL-family (heavy)

4

EXT*/BALANCE

2

Total opcodes

548

Flags

create_opcodes_present

View cast disassembly output

00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x0029
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH1 0xe0
00000012: SHR
00000013: DUP1
00000014: PUSH4 0x60173b92
00000019: EQ
0000001a: PUSH2 0x002b
0000001d: JUMPI
0000001e: DUP1
0000001f: PUSH4 0xc8ce5c1b
00000024: EQ
00000025: PUSH2 0x00b0
00000028: JUMPI
00000029: JUMPDEST
0000002a: STOP
0000002b: JUMPDEST
0000002c: PUSH2 0x0029
0000002f: PUSH1 0x04
00000031: DUP1
00000032: CALLDATASIZE
00000033: SUB
00000034: PUSH1 0x60
00000036: DUP2
00000037: LT
00000038: ISZERO
00000039: PUSH2 0x0041
0000003c: JUMPI
0000003d: PUSH1 0x00
0000003f: DUP1
00000040: REVERT
00000041: JUMPDEST
00000042: PUSH1 0x01
00000044: PUSH1 0x01
00000046: PUSH1 0xa0
00000048: SHL
00000049: SUB
0000004a: DUP3
0000004b: CALLDATALOAD
0000004c: AND
0000004d: SWAP2
0000004e: PUSH1 0x20
00000050: DUP2
00000051: ADD
00000052: CALLDATALOAD
00000053: SWAP2
00000054: DUP2
00000055: ADD
00000056: SWAP1
00000057: PUSH1 0x60
00000059: DUP2
0000005a: ADD
0000005b: PUSH1 0x40
0000005d: DUP3
0000005e: ADD
0000005f: CALLDATALOAD
00000060: PUSH5 0x0100000000
00000066: DUP2
00000067: GT
00000068: ISZERO
00000069: PUSH2 0x0071
0000006c: JUMPI
0000006d: PUSH1 0x00
0000006f: DUP1
00000070: REVERT
00000071: JUMPDEST
00000072: DUP3
00000073: ADD
00000074: DUP4
00000075: PUSH1 0x20
00000077: DUP3
00000078: ADD
00000079: GT
0000007a: ISZERO
0000007b: PUSH2 0x0083
0000007e: JUMPI
0000007f: PUSH1 0x00
00000081: DUP1
00000082: REVERT
00000083: JUMPDEST
00000084: DUP1
00000085: CALLDATALOAD
00000086: SWAP1
00000087: PUSH1 0x20
00000089: ADD
0000008a: SWAP2
0000008b: DUP5
0000008c: PUSH1 0x01
0000008e: DUP4
0000008f: MUL
00000090: DUP5
00000091: ADD
00000092: GT
00000093: PUSH5 0x0100000000
00000099: DUP4
0000009a: GT
0000009b: OR
0000009c: ISZERO
0000009d: PUSH2 0x00a5
000000a0: JUMPI
000000a1: PUSH1 0x00
000000a3: DUP1
000000a4: REVERT
000000a5: JUMPDEST
000000a6: POP
000000a7: SWAP1
000000a8: SWAP3
000000a9: POP
000000aa: SWAP1
000000ab: POP
000000ac: PUSH2 0x00de
000000af: JUMP
000000b0: JUMPDEST
000000b1: PUSH2 0x0029
000000b4: PUSH1 0x04
000000b6: DUP1
000000b7: CALLDATASIZE
000000b8: SUB
000000b9: PUSH1 0x40
000000bb: DUP2
000000bc: LT
000000bd: ISZERO
000000be: PUSH2 0x00c6
000000c1: JUMPI
000000c2: PUSH1 0x00
000000c4: DUP1
000000c5: REVERT
000000c6: JUMPDEST
000000c7: POP
000000c8: DUP1
000000c9: CALLDATALOAD
000000ca: ISZERO
000000cb: ISZERO
000000cc: SWAP1
000000cd: PUSH1 0x20
000000cf: ADD
000000d0: CALLDATALOAD
000000d1: PUSH1 0x01
000000d3: PUSH1 0x01
000000d5: PUSH1 0xa0
000000d7: SHL
000000d8: SUB
000000d9: AND
000000da: PUSH2 0x0161
000000dd: JUMP
000000de: JUMPDEST
000000df: PUSH1 0x00
000000e1: SLOAD
000000e2: PUSH1 0x01
000000e4: PUSH1 0x01
000000e6: PUSH1 0xa0
000000e8: SHL
000000e9: SUB
000000ea: AND
000000eb: CALLER
000000ec: EQ
000000ed: PUSH2 0x00f5
000000f0: JUMPI
000000f1: PUSH1 0x00
000000f3: DUP1
000000f4: REVERT
000000f5: JUMPDEST
000000f6: DUP4
000000f7: PUSH1 0x01
000000f9: PUSH1 0x01
000000fb: PUSH1 0xa0
000000fd: SHL
000000fe: SUB
000000ff: AND
00000100: DUP4
00000101: DUP4
00000102: DUP4
00000103: PUSH1 0x40
00000105: MLOAD
00000106: DUP1
00000107: DUP4
00000108: DUP4
00000109: DUP1
0000010a: DUP3
0000010b: DUP5
0000010c: CALLDATACOPY
0000010d: PUSH1 0x40
0000010f: MLOAD
00000110: SWAP3
00000111: ADD
00000112: SWAP5
00000113: POP
00000114: PUSH1 0x00
00000116: SWAP4
00000117: POP
00000118: SWAP1
00000119: SWAP2
0000011a: POP
0000011b: POP
0000011c: DUP1
0000011d: DUP4
0000011e: SUB
0000011f: DUP2
00000120: DUP6
00000121: DUP8
00000122: GAS
00000123: CALL
00000124: SWAP3
00000125: POP
00000126: POP
00000127: POP
00000128: RETURNDATASIZE
00000129: DUP1
0000012a: PUSH1 0x00
0000012c: DUP2
0000012d: EQ
0000012e: PUSH2 0x0153
00000131: JUMPI
00000132: PUSH1 0x40
00000134: MLOAD
00000135: SWAP2
00000136: POP
00000137: PUSH1 0x1f
00000139: NOT
0000013a: PUSH1 0x3f
0000013c: RETURNDATASIZE
0000013d: ADD
0000013e: AND
0000013f: DUP3
00000140: ADD
00000141: PUSH1 0x40
00000143: MSTORE
00000144: RETURNDATASIZE
00000145: DUP3
00000146: MSTORE
00000147: RETURNDATASIZE
00000148: PUSH1 0x00
0000014a: PUSH1 0x20
0000014c: DUP5
0000014d: ADD
0000014e: RETURNDATACOPY
0000014f: PUSH2 0x0158
00000152: JUMP
00000153: JUMPDEST
00000154: PUSH1 0x60
00000156: SWAP2
00000157: POP
00000158: JUMPDEST
00000159: POP
0000015a: POP
0000015b: POP
0000015c: POP
0000015d: POP
0000015e: POP
0000015f: POP
00000160: JUMP
00000161: JUMPDEST
00000162: PUSH1 0x01
00000164: SLOAD
00000165: PUSH1 0x01
00000167: PUSH1 0x01
00000169: PUSH1 0xa0
0000016b: SHL
0000016c: SUB
0000016d: AND
0000016e: ORIGIN
0000016f: EQ
00000170: DUP1
00000171: PUSH2 0x0184
00000174: JUMPI
00000175: POP
00000176: PUSH1 0x00
00000178: SLOAD
00000179: PUSH1 0x01
0000017b: PUSH1 0x01
0000017d: PUSH1 0xa0
0000017f: SHL
00000180: SUB
00000181: AND
00000182: ORIGIN
00000183: EQ
00000184: JUMPDEST
00000185: PUSH2 0x018d
00000188: JUMPI
00000189: PUSH1 0x00
0000018b: DUP1
0000018c: REVERT
0000018d: JUMPDEST
0000018e: PUSH1 0x00
00000190: PUSH1 0x01
00000192: DUP4
00000193: ISZERO
00000194: ISZERO
00000195: EQ
00000196: PUSH2 0x01aa
00000199: JUMPI
0000019a: PUSH1 0x03
0000019c: SLOAD
0000019d: PUSH1 0x01
0000019f: PUSH1 0x01
000001a1: PUSH1 0xa0
000001a3: SHL
000001a4: SUB
000001a5: AND
000001a6: PUSH2 0x01b7
000001a9: JUMP
000001aa: JUMPDEST
000001ab: PUSH1 0x02
000001ad: SLOAD
000001ae: PUSH1 0x01
000001b0: PUSH1 0x01
000001b2: PUSH1 0xa0
000001b4: SHL
000001b5: SUB
000001b6: AND
000001b7: JUMPDEST
000001b8: SWAP1
000001b9: POP
000001ba: PUSH1 0x00
000001bc: DUP3
000001bd: PUSH1 0x01
000001bf: PUSH1 0x01
000001c1: PUSH1 0xa0
000001c3: SHL
000001c4: SUB
000001c5: AND
000001c6: PUSH4 0x70a08231
000001cb: DUP4
000001cc: PUSH1 0x40
000001ce: MLOAD
000001cf: DUP3
000001d0: PUSH4 0xffffffff
000001d5: AND
000001d6: PUSH1 0xe0
000001d8: SHL
000001d9: DUP2
000001da: MSTORE
000001db: PUSH1 0x04
000001dd: ADD
000001de: DUP1
000001df: DUP3
000001e0: PUSH1 0x01
000001e2: PUSH1 0x01
000001e4: PUSH1 0xa0
000001e6: SHL
000001e7: SUB
000001e8: AND
000001e9: DUP2
000001ea: MSTORE
000001eb: PUSH1 0x20
000001ed: ADD
000001ee: SWAP2
000001ef: POP
000001f0: POP
000001f1: PUSH1 0x20
000001f3: PUSH1 0x40
000001f5: MLOAD
000001f6: DUP1
000001f7: DUP4
000001f8: SUB
000001f9: DUP2
000001fa: DUP7
000001fb: DUP1
000001fc: EXTCODESIZE
000001fd: ISZERO
000001fe: DUP1
000001ff: ISZERO
00000200: PUSH2 0x0208
00000203: JUMPI
00000204: PUSH1 0x00
00000206: DUP1
00000207: REVERT
00000208: JUMPDEST
00000209: POP
0000020a: GAS
0000020b: STATICCALL
0000020c: ISZERO
0000020d: DUP1
0000020e: ISZERO
0000020f: PUSH2 0x021c
00000212: JUMPI
00000213: RETURNDATASIZE
00000214: PUSH1 0x00
00000216: DUP1
00000217: RETURNDATACOPY
00000218: RETURNDATASIZE
00000219: PUSH1 0x00
0000021b: REVERT
0000021c: JUMPDEST
0000021d: POP
0000021e: POP
0000021f: POP
00000220: POP
00000221: PUSH1 0x40
00000223: MLOAD
00000224: RETURNDATASIZE
00000225: PUSH1 0x20
00000227: DUP2
00000228: LT
00000229: ISZERO
0000022a: PUSH2 0x0232
0000022d: JUMPI
0000022e: PUSH1 0x00
00000230: DUP1
00000231: REVERT
00000232: JUMPDEST
00000233: POP
00000234: MLOAD
00000235: SWAP1
00000236: POP
00000237: DUP1
00000238: ISZERO
00000239: PUSH2 0x02b0
0000023c: JUMPI
0000023d: PUSH1 0x40
0000023f: DUP1
00000240: MLOAD
00000241: PUSH4 0xd1660f99
00000246: PUSH1 0xe0
00000248: SHL
00000249: DUP2
0000024a: MSTORE
0000024b: PUSH1 0x01
0000024d: PUSH1 0x01
0000024f: PUSH1 0xa0
00000251: SHL
00000252: SUB
00000253: DUP6
00000254: DUP2
00000255: AND
00000256: PUSH1 0x04
00000258: DUP4
00000259: ADD
0000025a: MSTORE
0000025b: ADDRESS
0000025c: PUSH1 0x24
0000025e: DUP4
0000025f: ADD
00000260: MSTORE
00000261: PUSH1 0x04
00000263: NOT
00000264: DUP5
00000265: ADD
00000266: PUSH1 0x44
00000268: DUP4
00000269: ADD
0000026a: MSTORE
0000026b: SWAP2
0000026c: MLOAD
0000026d: SWAP2
0000026e: DUP5
0000026f: AND
00000270: SWAP2
00000271: PUSH4 0xd1660f99
00000276: SWAP2
00000277: PUSH1 0x64
00000279: DUP1
0000027a: DUP3
0000027b: ADD
0000027c: SWAP3
0000027d: PUSH1 0x00
0000027f: SWAP3
00000280: SWAP1
00000281: SWAP2
00000282: SWAP1
00000283: DUP3
00000284: SWAP1
00000285: SUB
00000286: ADD
00000287: DUP2
00000288: DUP4
00000289: DUP8
0000028a: DUP1
0000028b: EXTCODESIZE
0000028c: ISZERO
0000028d: DUP1
0000028e: ISZERO
0000028f: PUSH2 0x0297
00000292: JUMPI
00000293: PUSH1 0x00
00000295: DUP1
00000296: REVERT
00000297: JUMPDEST
00000298: POP
00000299: GAS
0000029a: CALL
0000029b: ISZERO
0000029c: DUP1
0000029d: ISZERO
0000029e: PUSH2 0x02ab
000002a1: JUMPI
000002a2: RETURNDATASIZE
000002a3: PUSH1 0x00
000002a5: DUP1
000002a6: RETURNDATACOPY
000002a7: RETURNDATASIZE
000002a8: PUSH1 0x00
000002aa: REVERT
000002ab: JUMPDEST
000002ac: POP
000002ad: POP
000002ae: POP
000002af: POP
000002b0: JUMPDEST
000002b1: POP
000002b2: POP
000002b3: POP
000002b4: POP
000002b5: JUMP
000002b6: INVALID
000002b7: LOG2
000002b8: PUSH5 0x6970667358
000002be: UNKNOWN(0x22)
000002bf: SLT
000002c0: KECCAK256
000002c1: UNKNOWN(0xF6)
000002c2: TSTORE
000002c3: UNKNOWN(0x2B)
000002c4: CREATE2
000002c5: UNKNOWN(0xBE)
000002c6: DUP7
000002c7: UNKNOWN(0xF9)
000002c8: CALLDATALOAD
000002c9: UNKNOWN(0xDD)
000002ca: SWAP6
000002cb: UNKNOWN(0xD4)
000002cc: JUMPDEST
000002cd: UNKNOWN(0xB6)
000002ce: CHAINID
000002cf: DUP3
000002d0: SWAP8
000002d1: CHAINID
000002d2: PUSH0
000002d3: LT
000002d4: UNKNOWN(0x1F)
000002d5: SWAP8
000002d6: STATICCALL
000002d7: PUSH5 0xe8154e4e6e
000002dd: CALLDATALOAD
000002de: MSTORE8
000002df: BYTE
000002e0: PUSH8 0x64736f6c63430007
000002e9: ADD
000002ea: STOP
000002eb: CALLER

Findings

validated = confirmed for call sinks; sink observed for others

Severity	Category	Tool	Title	Confidence	Validated	Confirmed	Details
high	auth	detector	Authorization based on tx.origin	70	no	—	view validation_json { "reason": "missing sink mapping", "status": "no_sink" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x60173b92", "selector": "0x60173b92", "calldata_variants": [ "0x60173b92", "0x60173b920000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xc8ce5c1b", "selector": "0xc8ce5c1b", "calldata_variants": [ "0xc8ce5c1b", "0xc8ce5c1b0000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "guards_detected": [ { "pc": 367, "type": "tx_origin_used" }, { "pc": 387, "type": "tx_origin_used" }, { "pc": 366, "type": "tx_origin_used" }, { "pc": 386, "type": "tx_origin_used" } ] }
medium	other	detector	Untrusted CALL target/value reachable	45	no	no	view trace_id: 0x3e024548326c321fafe4fb75518af6717bde03df6aae2f9a39d4e5b7c1cca8c4 call_targets: 0xef1f7a08151386722649c1b2406d1d92495ab2a0 target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0x3e024548326c321fafe4fb75518af6717bde03df6aae2f9a39d4e5b7c1cca8c4", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0xef1f7a08151386722649c1b2406d1d92495ab2a0" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x60173b92", "selector": "0x60173b92", "calldata_variants": [ "0x60173b92", "0x60173b920000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xc8ce5c1b", "selector": "0xc8ce5c1b", "calldata_variants": [ "0xc8ce5c1b", "0xc8ce5c1b0000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "examples": [ { "pc": 291, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" }, { "pc": 666, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "call_count": 2, "guards_detected": [ { "pc": 367, "type": "tx_origin_used" }, { "pc": 387, "type": "tx_origin_used" }, { "pc": 366, "type": "tx_origin_used" }, { "pc": 386, "type": "tx_origin_used" } ], "untrusted_call_count": 2 }
medium	other	detector	ETH value transfer possible	40	no	no	view trace_id: 0x3e024548326c321fafe4fb75518af6717bde03df6aae2f9a39d4e5b7c1cca8c4 call_targets: 0xef1f7a08151386722649c1b2406d1d92495ab2a0 target_varies: no classification: constant_target validation_json { "sink": "CALL", "errors": 0, "status": "sink_reached", "attempts": 1, "trace_id": "0x3e024548326c321fafe4fb75518af6717bde03df6aae2f9a39d4e5b7c1cca8c4", "confirmed": false, "trace_mode": "callTracer", "call_targets": [ "0xef1f7a08151386722649c1b2406d1d92495ab2a0" ], "matched_probe": null, "target_varies": false, "classification": "constant_target" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x60173b92", "selector": "0x60173b92", "calldata_variants": [ "0x60173b92", "0x60173b920000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xc8ce5c1b", "selector": "0xc8ce5c1b", "calldata_variants": [ "0xc8ce5c1b", "0xc8ce5c1b0000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "examples": [ { "pc": 291, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" }, { "pc": 666, "opcode": "CALL", "returndata_checked": null, "value_expression_category": "computed", "target_expression_category": "computed" } ], "eth_value_calls": 2, "guards_detected": [ { "pc": 367, "type": "tx_origin_used" }, { "pc": 387, "type": "tx_origin_used" }, { "pc": 366, "type": "tx_origin_used" }, { "pc": 386, "type": "tx_origin_used" } ] }
medium	other	detector	CREATE/CREATE2 reachable	45	no	no	view trace_id: 0xbbade3eea2d8a6506fee777287faeda60780c9cfcfc2fbf3a49baa0563ab8832 validation_json { "sink": "CREATE", "errors": 0, "status": "unknown", "attempts": 4, "trace_id": "0xbbade3eea2d8a6506fee777287faeda60780c9cfcfc2fbf3a49baa0563ab8832", "confirmed": false, "trace_mode": "structLogs", "call_targets": null, "matched_probe": null, "target_varies": null, "classification": "no_sink" } witness_json { "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata", "constraints": [], "entrypoints": [ { "calldata": "0x60173b92", "selector": "0x60173b92", "calldata_variants": [ "0x60173b92", "0x60173b920000000000000000000000000000000000000000000000000000000000000000" ] }, { "calldata": "0xc8ce5c1b", "selector": "0xc8ce5c1b", "calldata_variants": [ "0xc8ce5c1b", "0xc8ce5c1b0000000000000000000000000000000000000000000000000000000000000000" ] } ] } evidence_json { "create_count": 0, "create2_count": 1 }
low	other	cast	Contract creation opcode present	60	no	—	view evidence_json { "notes": "runtime can deploy contracts dynamically via CREATE/CREATE2", "create_count": 0, "create2_count": 1 }