TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019ba940-88b1-738c-9a8f-0f82ad09d1f1

complete
Chain ID
1
Address
0x0e09fabb73bd3ade0a17ecc321fd13a19e81ce82
Block Number
Created
Sat, Jan 10, 2026 6:52 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Bytecode only
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
36371 artifact.fetch complete 1 / 3 3 months ago
36372 proxy.resolve complete 1 / 3 3 months ago
36373 tool.cast_disasm complete 1 / 3 3 months ago
36374 analysis.bundle complete 1 / 3 3 months ago
36375 capability.graph complete 1 / 3 3 months ago
36376 detector.run complete 1 / 3 3 months ago
36377 validation.fork complete 1 / 3 3 months ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no not_proxy
Implementation:
Verified Source: no
Proxy evidence 
{
    "status": "not_proxy"
}

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
2
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
0
EXT*/BALANCE
1
Total opcodes
259
Flags
delegatecall_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x0022
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH1 0xe0
00000012: SHR
00000013: DUP1
00000014: PUSH4 0x10e88892
00000019: EQ
0000001a: PUSH2 0x0094
0000001d: JUMPI
0000001e: PUSH2 0x0023
00000021: JUMP
00000022: JUMPDEST
00000023: JUMPDEST
00000024: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000039: PUSH1 0x00
0000003b: SLOAD
0000003c: AND
0000003d: PUSH32 0xa619486e00000000000000000000000000000000000000000000000000000000
0000005e: PUSH1 0x00
00000060: CALLDATALOAD
00000061: SUB
00000062: PUSH2 0x006f
00000065: JUMPI
00000066: DUP1
00000067: PUSH1 0x00
00000069: MSTORE
0000006a: PUSH1 0x20
0000006c: PUSH1 0x00
0000006e: RETURN
0000006f: JUMPDEST
00000070: CALLDATASIZE
00000071: PUSH1 0x00
00000073: DUP1
00000074: CALLDATACOPY
00000075: PUSH1 0x00
00000077: DUP1
00000078: CALLDATASIZE
00000079: PUSH1 0x00
0000007b: DUP5
0000007c: GAS
0000007d: DELEGATECALL
0000007e: RETURNDATASIZE
0000007f: PUSH1 0x00
00000081: DUP1
00000082: RETURNDATACOPY
00000083: PUSH1 0x00
00000085: DUP2
00000086: SUB
00000087: PUSH2 0x008f
0000008a: JUMPI
0000008b: RETURNDATASIZE
0000008c: PUSH1 0x00
0000008e: REVERT
0000008f: JUMPDEST
00000090: RETURNDATASIZE
00000091: PUSH1 0x00
00000093: RETURN
00000094: JUMPDEST
00000095: CALLVALUE
00000096: DUP1
00000097: ISZERO
00000098: PUSH2 0x00a0
0000009b: JUMPI
0000009c: PUSH1 0x00
0000009e: DUP1
0000009f: REVERT
000000a0: JUMPDEST
000000a1: POP
000000a2: PUSH2 0x00bb
000000a5: PUSH1 0x04
000000a7: DUP1
000000a8: CALLDATASIZE
000000a9: SUB
000000aa: DUP2
000000ab: ADD
000000ac: SWAP1
000000ad: PUSH2 0x00b6
000000b0: SWAP2
000000b1: SWAP1
000000b2: PUSH2 0x01bd
000000b5: JUMP
000000b6: JUMPDEST
000000b7: PUSH2 0x00bd
000000ba: JUMP
000000bb: JUMPDEST
000000bc: STOP
000000bd: JUMPDEST
000000be: PUSH1 0x01
000000c0: PUSH1 0x00
000000c2: SWAP1
000000c3: SLOAD
000000c4: SWAP1
000000c5: PUSH2 0x0100
000000c8: EXP
000000c9: SWAP1
000000ca: DIV
000000cb: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000e0: AND
000000e1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000f6: AND
000000f7: CALLER
000000f8: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000010d: AND
0000010e: EQ
0000010f: PUSH2 0x0117
00000112: JUMPI
00000113: PUSH1 0x00
00000115: DUP1
00000116: REVERT
00000117: JUMPDEST
00000118: DUP1
00000119: PUSH1 0x00
0000011b: DUP1
0000011c: PUSH2 0x0100
0000011f: EXP
00000120: DUP2
00000121: SLOAD
00000122: DUP2
00000123: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000138: MUL
00000139: NOT
0000013a: AND
0000013b: SWAP1
0000013c: DUP4
0000013d: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000152: AND
00000153: MUL
00000154: OR
00000155: SWAP1
00000156: SSTORE
00000157: POP
00000158: POP
00000159: JUMP
0000015a: JUMPDEST
0000015b: PUSH1 0x00
0000015d: DUP1
0000015e: REVERT
0000015f: JUMPDEST
00000160: PUSH1 0x00
00000162: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000177: DUP3
00000178: AND
00000179: SWAP1
0000017a: POP
0000017b: SWAP2
0000017c: SWAP1
0000017d: POP
0000017e: JUMP
0000017f: JUMPDEST
00000180: PUSH1 0x00
00000182: PUSH2 0x018a
00000185: DUP3
00000186: PUSH2 0x015f
00000189: JUMP
0000018a: JUMPDEST
0000018b: SWAP1
0000018c: POP
0000018d: SWAP2
0000018e: SWAP1
0000018f: POP
00000190: JUMP
00000191: JUMPDEST
00000192: PUSH2 0x019a
00000195: DUP2
00000196: PUSH2 0x017f
00000199: JUMP
0000019a: JUMPDEST
0000019b: DUP2
0000019c: EQ
0000019d: PUSH2 0x01a5
000001a0: JUMPI
000001a1: PUSH1 0x00
000001a3: DUP1
000001a4: REVERT
000001a5: JUMPDEST
000001a6: POP
000001a7: JUMP
000001a8: JUMPDEST
000001a9: PUSH1 0x00
000001ab: DUP2
000001ac: CALLDATALOAD
000001ad: SWAP1
000001ae: POP
000001af: PUSH2 0x01b7
000001b2: DUP2
000001b3: PUSH2 0x0191
000001b6: JUMP
000001b7: JUMPDEST
000001b8: SWAP3
000001b9: SWAP2
000001ba: POP
000001bb: POP
000001bc: JUMP
000001bd: JUMPDEST
000001be: PUSH1 0x00
000001c0: PUSH1 0x20
000001c2: DUP3
000001c3: DUP5
000001c4: SUB
000001c5: SLT
000001c6: ISZERO
000001c7: PUSH2 0x01d3
000001ca: JUMPI
000001cb: PUSH2 0x01d2
000001ce: PUSH2 0x015a
000001d1: JUMP
000001d2: JUMPDEST
000001d3: JUMPDEST
000001d4: PUSH1 0x00
000001d6: PUSH2 0x01e1
000001d9: DUP5
000001da: DUP3
000001db: DUP6
000001dc: ADD
000001dd: PUSH2 0x01a8
000001e0: JUMP
000001e1: JUMPDEST
000001e2: SWAP2
000001e3: POP
000001e4: POP
000001e5: SWAP3
000001e6: SWAP2
000001e7: POP
000001e8: POP
000001e9: JUMP
000001ea: INVALID
000001eb: LOG2
000001ec: PUSH5 0x6970667358
000001f2: UNKNOWN(0x22)
000001f3: SLT
000001f4: KECCAK256
000001f5: EQ
000001f6: BLOCKHASH
000001f7: PUSH12 0x0352b962330a82d8b75d095a
00000204: UNKNOWN(0x1F)
00000205: DIFFICULTY
00000206: UNKNOWN(0xA5)
00000207: ADDRESS
00000208: BALANCE
00000209: DUP4
0000020a: UNKNOWN(0xFB)
0000020b: DELEGATECALL
0000020c: PUSH6 0xcbccaf6db0a1
00000213: RETURN
00000214: UNKNOWN(0x27)
00000215: PUSH5 0x736f6c6343
0000021b: STOP
0000021c: ADDMOD
0000021d: GT
0000021e: STOP
0000021f: CALLER

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high upgradeability detector Untrusted DELEGATECALL target reachable 55 no no
view
trace_id: 0x5b8949345890ba8da09226bbe51157298e848d333505f65edc783e9b296f1650
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "unknown",
    "attempts": 12,
    "trace_id": "0x5b8949345890ba8da09226bbe51157298e848d333505f65edc783e9b296f1650",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": null,
    "matched_probe": null,
    "target_varies": null,
    "classification": "no_sink"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x10e88892",
            "selector": "0x10e88892",
            "calldata_variants": [
                "0x10e88892",
                "0x10e888920000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 125,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        },
        {
            "pc": 523,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [
        {
            "pc": 247,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "delegatecall_count": 2,
    "untrusted_delegatecall_count": 2
}
medium upgradeability cast DELEGATECALL present 80 no
view
evidence_json 
{
    "notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
    "delegatecall_count": 2
}