TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019ba9a5-c758-7135-a5b0-fd4aedd4fac4

complete
Chain ID
1
Address
0xe300b3a6b24cb3c5c87034155f7fff7f77c862a0
Block Number
Created
Sat, Jan 10, 2026 8:42 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Verified
Review Backing
Not yet
Best current signal
DELEGATECALL present
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
37353 artifact.fetch complete 1 / 3 3 months ago
37354 proxy.resolve complete 1 / 3 3 months ago
37355 tool.cast_disasm complete 1 / 3 3 months ago
37356 analysis.bundle complete 1 / 3 3 months ago
37357 capability.graph complete 1 / 3 3 months ago
37358 detector.run complete 1 / 3 3 months ago
37359 validation.fork complete 1 / 3 3 months ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no not_proxy
Implementation:
Verified Source: yes
Proxy evidence 
{
    "status": "not_proxy"
}

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate

No codex job recorded yet.

Opcode Heuristics

tool.cast_disasm
Delegatecall
1
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
0
EXT*/BALANCE
1
Total opcodes
98
Flags
delegatecall_present
View cast disassembly output 
00000000: RETURNDATASIZE
00000001: RETURNDATASIZE
00000002: RETURNDATASIZE
00000003: RETURNDATASIZE
00000004: CALLDATASIZE
00000005: RETURNDATASIZE
00000006: RETURNDATASIZE
00000007: CALLDATACOPY
00000008: PUSH2 0x007f
0000000b: PUSH1 0x37
0000000d: CALLDATASIZE
0000000e: CODECOPY
0000000f: CALLDATASIZE
00000010: PUSH2 0x007f
00000013: ADD
00000014: RETURNDATASIZE
00000015: PUSH20 0x4b3b9a972a884e37fd675ee57f6998da0be47e26
0000002a: GAS
0000002b: DELEGATECALL
0000002c: RETURNDATASIZE
0000002d: RETURNDATASIZE
0000002e: SWAP4
0000002f: DUP1
00000030: RETURNDATACOPY
00000031: PUSH1 0x35
00000033: JUMPI
00000034: REVERT
00000035: JUMPDEST
00000036: RETURN
00000037: STOP
00000038: SWAP11
00000039: SWAP7
0000003a: UNKNOWN(0xEC)
0000003b: SWAP12
0000003c: JUMPI
0000003d: UNKNOWN(0xFB)
0000003e: PUSH5 0xfbc60b423d
00000044: UNKNOWN(0x1F)
00000045: UNKNOWN(0x4D)
00000046: UNKNOWN(0xA7)
00000047: PUSH10 0x1bd35079ae78736cd615
00000052: RETURN
00000053: PUSH21 0xd3085123a210448e74fc6393c02aaa39b223fe8d0a
00000069: UNKNOWN(0x0E)
0000006a: TLOAD
0000006b: UNKNOWN(0x4F)
0000006c: UNKNOWN(0x27)
0000006d: UNKNOWN(0xEA)
0000006e: UNKNOWN(0xD9)
0000006f: ADDMOD
00000070: EXTCODECOPY
00000071: PUSH22 0x6cc20000000000000000000000000000000000000000
00000088: STOP
00000089: STOP
0000008a: STOP
0000008b: STOP
0000008c: STOP
0000008d: STOP
0000008e: STOP
0000008f: STOP
00000090: STOP
00000091: STOP
00000092: STOP
00000093: ADD
00000094: STOP
00000095: STOP
00000096: STOP
00000097: STOP
00000098: STOP
00000099: STOP
0000009a: STOP
0000009b: STOP
0000009c: STOP
0000009d: STOP
0000009e: STOP
0000009f: STOP
000000a0: STOP
000000a1: STOP
000000a2: STOP
000000a3: STOP
000000a4: STOP
000000a5: STOP
000000a6: STOP
000000a7: STOP
000000a8: STOP
000000a9: STOP
000000aa: STOP
000000ab: STOP
000000ac: STOP
000000ad: STOP
000000ae: STOP
000000af: STOP
000000b0: STOP
000000b1: STOP
000000b2: STOP
000000b3: ADD
000000b4: STOP
000000b5: PUSH30

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
medium upgradeability cast DELEGATECALL present 80 no
view
evidence_json 
{
    "notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
    "delegatecall_count": 1
}