TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019ba940-8814-7278-869a-d9b89066625c

complete
Chain ID
1
Address
0xd1d0c2f4291f7002e1591d2a87975f0701a3fa2c
Block Number
Created
Sat, Jan 10, 2026 6:52 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Verified
Review Backing
Not yet
Best current signal
DELEGATECALL present
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
36231 artifact.fetch complete 1 / 3 3 months ago
36232 proxy.resolve complete 1 / 3 3 months ago
36233 tool.cast_disasm complete 1 / 3 3 months ago
36234 analysis.bundle complete 1 / 3 3 months ago
36235 capability.graph complete 1 / 3 3 months ago
36236 detector.run complete 1 / 3 3 months ago
36237 validation.fork complete 1 / 3 3 months ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no not_proxy
Implementation:
Verified Source: yes
Proxy evidence 
{
    "status": "not_proxy"
}

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
1
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
0
EXT*/BALANCE
0
Total opcodes
17
Flags
delegatecall_present
View cast disassembly output 
00000000: CALLDATASIZE
00000001: PUSH1 0x00
00000003: PUSH1 0x00
00000005: CALLDATACOPY
00000006: PUSH2 0x1000
00000009: PUSH1 0x00
0000000b: CALLDATASIZE
0000000c: PUSH1 0x00
0000000e: PUSH20 0x575ba30c7b77fa0eebd34cc5416538323c4e5612
00000023: GAS
00000024: DELEGATECALL
00000025: ISZERO
00000026: PC
00000027: JUMPI
00000028: PUSH2 0x1000
0000002b: PUSH1 0x00
0000002d: RETURN

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
medium upgradeability cast DELEGATECALL present 80 no
view
evidence_json 
{
    "notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
    "delegatecall_count": 1
}