TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

019ba9bc-ecc6-733e-8c61-70edd60929b0

complete
Chain ID
1
Address
0x2453c1216e49704d84ea98a4dacd95738f2fc8ec
Block Number
Created
Sat, Jan 10, 2026 9:08 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Verified
Review Backing
Not yet
Best current signal
Untrusted DELEGATECALL target reachable
crit 0 high 0 proxy context implementation known
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
37888 artifact.fetch complete 1 / 3 3 months ago
37889 proxy.resolve complete 1 / 3 3 months ago
37890 tool.cast_disasm complete 1 / 3 3 months ago
37891 analysis.bundle complete 1 / 3 3 months ago
37892 capability.graph complete 1 / 3 3 months ago
37893 detector.run complete 1 / 3 3 months ago
37894 validation.fork complete 1 / 3 3 months ago
37975 report.consolidate complete 1 / 6 3 months ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: yes confirmed
Implementation:
0x33dadc2d1aa9bb613a7ae6b28425ea00d44c6998 target (child run)
Verified Source: yes
Proxy evidence 
{
    "method": "etherscan+onchain",
    "status": "confirmed",
    "etherscan_hint": {
        "source": "etherscan",
        "etherscan": {
            "proxy_flag": true,
            "implementation": "0x33dadc2d1aa9bb613a7ae6b28425ea00d44c6998"
        }
    },
    "implementation": "0x33dadc2d1aa9bb613a7ae6b28425ea00d44c6998",
    "onchain_method": "eip1967"
}

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 6
Findings
0
No findings?
yes
Summary
Reviewed the DelayedWETH implementation (and its first‑party support contracts); no exploitable vulnerabilities found in the in-scope code.
View stdout 
{"no_findings":true,"summary":"Reviewed the DelayedWETH implementation (and its first‑party support contracts); no exploitable vulnerabilities found in the in-scope code.","findings":[]}
View stderr 
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-fq0i5lr6
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019baa29-94fe-7282-87b0-f0d11e9306df
--------
user
Context: The user requested the proxy at 0x2453c1216e49704d84ea98a4dacd95738f2fc8ec.
Audit the implementation at 0x33dadc2d1aa9bb613a7ae6b28425ea00d44c6998.
Findings should refer to the implementation unless explicitly about proxy mechanics.

You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.

Scope rules:
- You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party Solidity sources in this workspace.
- Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
- If there are only dependency files and no first-party sources, set no_findings=true and explain in summary.

Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.

Output constraints (IMPORTANT):
- severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
- category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
Keep summary short and concrete.
mcp startup: no servers

thinking
**Reading AUDIT_BUNDLE.txt**
exec
/bin/bash -lc ls in /tmp/codex-fq0i5lr6 succeeded in 6ms:
AUDIT_BUNDLE.txt
codex-output-schema.json
interfaces
@openzeppelin
src
exec
/bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-fq0i5lr6 succeeded in 25ms:
This file concatenates the full contents of first-party Solidity sources for auditing.
Do not treat dependency code under lib/ or @openzeppelin/ as first-party.

================================================================================
FILE: interfaces/L1/IProxyAdminOwnedBase.sol
================================================================================
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import { IProxyAdmin } from "interfaces/universal/IProxyAdmin.sol";

interface IProxyAdminOwnedBase {
    error ProxyAdminOwnedBase_NotSharedProxyAdminOwner();
    error ProxyAdminOwnedBase_NotProxyAdminOwner();
    error ProxyAdminOwnedBase_NotProxyAdmin();
    error ProxyAdminOwnedBase_NotProxyAdminOrProxyAdminOwner();
    error ProxyAdminOwnedBase_ProxyAdminNotFound();
    error ProxyAdminOwnedBase_NotResolvedDelegateProxy();

    function proxyAdmin() external view returns (IProxyAdmin);



thinking
**Analyzing DelayedWETH implementation and potential risks**
thinking
**Evaluating reentrancy, upgradeability, and fund recovery risks**

I’m exploring potential reentrancy in withdraw and recover functions, upgradeability nuances with immutable delay config, and the admin’s ability to drain ETH via recover causing WETH to become undercollateralized; while many aspects seem intentional or low severity, the owner’s unrestricted ETH recovery could break token backing, which feels important to highlight.
thinking
**Summarizing audit conclusions and potential admin risks**

I reviewed DelayedWETH’s implementation thoroughly and found no exploitable vulnerabilities within its core logic. The only notable points are inherent admin controls—like owner’s ability to recover ETH and seize WETH balances—which are by design but present centralization risks. Overall, the contract behaves as expected given these trust assumptions.
codex
{"no_findings":true,"summary":"Reviewed the DelayedWETH implementation (and its first‑party support contracts); no exploitable vulnerabilities found in the in-scope code.","findings":[]}
tokens used
19,955
Metadata 
{
    "codex": {
        "ran_at": "2026-01-10T23:09:58.471052+00:00",
        "returncode": 0
    },
    "project": {
        "mode": "source",
        "file_count": 16,
        "import_count": 15,
        "first_party_contracts_count": 14
    },
    "summary": "Reviewed the DelayedWETH implementation (and its first\u2011party support contracts); no exploitable vulnerabilities found in the in-scope code.",
    "raw_final": {
        "summary": "Reviewed the DelayedWETH implementation (and its first\u2011party support contracts); no exploitable vulnerabilities found in the in-scope code.",
        "findings": [],
        "no_findings": true
    },
    "no_findings": true,
    "proxy_context": {
        "proxy_run_id": "019ba9bc-ecc6-733e-8c61-70edd60929b0",
        "proxy_address": "0x2453c1216e49704d84ea98a4dacd95738f2fc8ec",
        "implementation_run_id": "019ba9bd-9e4d-73ec-81d3-a5bdf185101a",
        "implementation_address": "0x33dadc2d1aa9bb613a7ae6b28425ea00d44c6998"
    },
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
2
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
0
EXT*/BALANCE
0
Total opcodes
802
Flags
delegatecall_present
View cast disassembly output 
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0x04
00000007: CALLDATASIZE
00000008: LT
00000009: PUSH2 0x005e
0000000c: JUMPI
0000000d: PUSH1 0x00
0000000f: CALLDATALOAD
00000010: PUSH1 0xe0
00000012: SHR
00000013: DUP1
00000014: PUSH4 0x5c60da1b
00000019: GT
0000001a: PUSH2 0x0043
0000001d: JUMPI
0000001e: DUP1
0000001f: PUSH4 0x5c60da1b
00000024: EQ
00000025: PUSH2 0x00be
00000028: JUMPI
00000029: DUP1
0000002a: PUSH4 0x8f283970
0000002f: EQ
00000030: PUSH2 0x00f8
00000033: JUMPI
00000034: DUP1
00000035: PUSH4 0xf851a440
0000003a: EQ
0000003b: PUSH2 0x0118
0000003e: JUMPI
0000003f: PUSH2 0x006d
00000042: JUMP
00000043: JUMPDEST
00000044: DUP1
00000045: PUSH4 0x3659cfe6
0000004a: EQ
0000004b: PUSH2 0x0075
0000004e: JUMPI
0000004f: DUP1
00000050: PUSH4 0x4f1ef286
00000055: EQ
00000056: PUSH2 0x0095
00000059: JUMPI
0000005a: PUSH2 0x006d
0000005d: JUMP
0000005e: JUMPDEST
0000005f: CALLDATASIZE
00000060: PUSH2 0x006d
00000063: JUMPI
00000064: PUSH2 0x006b
00000067: PUSH2 0x012d
0000006a: JUMP
0000006b: JUMPDEST
0000006c: STOP
0000006d: JUMPDEST
0000006e: PUSH2 0x006b
00000071: PUSH2 0x012d
00000074: JUMP
00000075: JUMPDEST
00000076: CALLVALUE
00000077: DUP1
00000078: ISZERO
00000079: PUSH2 0x0081
0000007c: JUMPI
0000007d: PUSH1 0x00
0000007f: DUP1
00000080: REVERT
00000081: JUMPDEST
00000082: POP
00000083: PUSH2 0x006b
00000086: PUSH2 0x0090
00000089: CALLDATASIZE
0000008a: PUSH1 0x04
0000008c: PUSH2 0x06dd
0000008f: JUMP
00000090: JUMPDEST
00000091: PUSH2 0x0224
00000094: JUMP
00000095: JUMPDEST
00000096: PUSH2 0x00a8
00000099: PUSH2 0x00a3
0000009c: CALLDATASIZE
0000009d: PUSH1 0x04
0000009f: PUSH2 0x06f8
000000a2: JUMP
000000a3: JUMPDEST
000000a4: PUSH2 0x0296
000000a7: JUMP
000000a8: JUMPDEST
000000a9: PUSH1 0x40
000000ab: MLOAD
000000ac: PUSH2 0x00b5
000000af: SWAP2
000000b0: SWAP1
000000b1: PUSH2 0x077b
000000b4: JUMP
000000b5: JUMPDEST
000000b6: PUSH1 0x40
000000b8: MLOAD
000000b9: DUP1
000000ba: SWAP2
000000bb: SUB
000000bc: SWAP1
000000bd: RETURN
000000be: JUMPDEST
000000bf: CALLVALUE
000000c0: DUP1
000000c1: ISZERO
000000c2: PUSH2 0x00ca
000000c5: JUMPI
000000c6: PUSH1 0x00
000000c8: DUP1
000000c9: REVERT
000000ca: JUMPDEST
000000cb: POP
000000cc: PUSH2 0x00d3
000000cf: PUSH2 0x0419
000000d2: JUMP
000000d3: JUMPDEST
000000d4: PUSH1 0x40
000000d6: MLOAD
000000d7: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000ec: SWAP1
000000ed: SWAP2
000000ee: AND
000000ef: DUP2
000000f0: MSTORE
000000f1: PUSH1 0x20
000000f3: ADD
000000f4: PUSH2 0x00b5
000000f7: JUMP
000000f8: JUMPDEST
000000f9: CALLVALUE
000000fa: DUP1
000000fb: ISZERO
000000fc: PUSH2 0x0104
000000ff: JUMPI
00000100: PUSH1 0x00
00000102: DUP1
00000103: REVERT
00000104: JUMPDEST
00000105: POP
00000106: PUSH2 0x006b
00000109: PUSH2 0x0113
0000010c: CALLDATASIZE
0000010d: PUSH1 0x04
0000010f: PUSH2 0x06dd
00000112: JUMP
00000113: JUMPDEST
00000114: PUSH2 0x04b0
00000117: JUMP
00000118: JUMPDEST
00000119: CALLVALUE
0000011a: DUP1
0000011b: ISZERO
0000011c: PUSH2 0x0124
0000011f: JUMPI
00000120: PUSH1 0x00
00000122: DUP1
00000123: REVERT
00000124: JUMPDEST
00000125: POP
00000126: PUSH2 0x00d3
00000129: PUSH2 0x0517
0000012c: JUMP
0000012d: JUMPDEST
0000012e: PUSH1 0x00
00000130: PUSH2 0x0157
00000133: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
00000154: SLOAD
00000155: SWAP1
00000156: JUMP
00000157: JUMPDEST
00000158: SWAP1
00000159: POP
0000015a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000016f: DUP2
00000170: AND
00000171: PUSH2 0x0201
00000174: JUMPI
00000175: PUSH1 0x40
00000177: MLOAD
00000178: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
00000199: DUP2
0000019a: MSTORE
0000019b: PUSH1 0x20
0000019d: PUSH1 0x04
0000019f: DUP3
000001a0: ADD
000001a1: MSTORE
000001a2: PUSH1 0x25
000001a4: PUSH1 0x24
000001a6: DUP3
000001a7: ADD
000001a8: MSTORE
000001a9: PUSH32 0x50726f78793a20696d706c656d656e746174696f6e206e6f7420696e69746961
000001ca: PUSH1 0x44
000001cc: DUP3
000001cd: ADD
000001ce: MSTORE
000001cf: PUSH32 0x6c697a6564000000000000000000000000000000000000000000000000000000
000001f0: PUSH1 0x64
000001f2: DUP3
000001f3: ADD
000001f4: MSTORE
000001f5: PUSH1 0x84
000001f7: ADD
000001f8: JUMPDEST
000001f9: PUSH1 0x40
000001fb: MLOAD
000001fc: DUP1
000001fd: SWAP2
000001fe: SUB
000001ff: SWAP1
00000200: REVERT
00000201: JUMPDEST
00000202: CALLDATASIZE
00000203: PUSH1 0x00
00000205: DUP1
00000206: CALLDATACOPY
00000207: PUSH1 0x00
00000209: DUP1
0000020a: CALLDATASIZE
0000020b: PUSH1 0x00
0000020d: DUP5
0000020e: GAS
0000020f: DELEGATECALL
00000210: RETURNDATASIZE
00000211: PUSH1 0x00
00000213: DUP1
00000214: RETURNDATACOPY
00000215: DUP1
00000216: PUSH2 0x021e
00000219: JUMPI
0000021a: RETURNDATASIZE
0000021b: PUSH1 0x00
0000021d: REVERT
0000021e: JUMPDEST
0000021f: POP
00000220: RETURNDATASIZE
00000221: PUSH1 0x00
00000223: RETURN
00000224: JUMPDEST
00000225: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
00000246: SLOAD
00000247: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000025c: AND
0000025d: CALLER
0000025e: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000273: AND
00000274: EQ
00000275: DUP1
00000276: PUSH2 0x027d
00000279: JUMPI
0000027a: POP
0000027b: CALLER
0000027c: ISZERO
0000027d: JUMPDEST
0000027e: ISZERO
0000027f: PUSH2 0x028e
00000282: JUMPI
00000283: PUSH2 0x028b
00000286: DUP2
00000287: PUSH2 0x05a3
0000028a: JUMP
0000028b: JUMPDEST
0000028c: POP
0000028d: JUMP
0000028e: JUMPDEST
0000028f: PUSH2 0x028b
00000292: PUSH2 0x012d
00000295: JUMP
00000296: JUMPDEST
00000297: PUSH1 0x60
00000299: PUSH2 0x02c0
0000029c: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
000002bd: SLOAD
000002be: SWAP1
000002bf: JUMP
000002c0: JUMPDEST
000002c1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002d6: AND
000002d7: CALLER
000002d8: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000002ed: AND
000002ee: EQ
000002ef: DUP1
000002f0: PUSH2 0x02f7
000002f3: JUMPI
000002f4: POP
000002f5: CALLER
000002f6: ISZERO
000002f7: JUMPDEST
000002f8: ISZERO
000002f9: PUSH2 0x040a
000002fc: JUMPI
000002fd: PUSH2 0x0305
00000300: DUP5
00000301: PUSH2 0x05a3
00000304: JUMP
00000305: JUMPDEST
00000306: PUSH1 0x00
00000308: DUP1
00000309: DUP6
0000030a: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000031f: AND
00000320: DUP6
00000321: DUP6
00000322: PUSH1 0x40
00000324: MLOAD
00000325: PUSH2 0x032f
00000328: SWAP3
00000329: SWAP2
0000032a: SWAP1
0000032b: PUSH2 0x07ee
0000032e: JUMP
0000032f: JUMPDEST
00000330: PUSH1 0x00
00000332: PUSH1 0x40
00000334: MLOAD
00000335: DUP1
00000336: DUP4
00000337: SUB
00000338: DUP2
00000339: DUP6
0000033a: GAS
0000033b: DELEGATECALL
0000033c: SWAP2
0000033d: POP
0000033e: POP
0000033f: RETURNDATASIZE
00000340: DUP1
00000341: PUSH1 0x00
00000343: DUP2
00000344: EQ
00000345: PUSH2 0x036a
00000348: JUMPI
00000349: PUSH1 0x40
0000034b: MLOAD
0000034c: SWAP2
0000034d: POP
0000034e: PUSH1 0x1f
00000350: NOT
00000351: PUSH1 0x3f
00000353: RETURNDATASIZE
00000354: ADD
00000355: AND
00000356: DUP3
00000357: ADD
00000358: PUSH1 0x40
0000035a: MSTORE
0000035b: RETURNDATASIZE
0000035c: DUP3
0000035d: MSTORE
0000035e: RETURNDATASIZE
0000035f: PUSH1 0x00
00000361: PUSH1 0x20
00000363: DUP5
00000364: ADD
00000365: RETURNDATACOPY
00000366: PUSH2 0x036f
00000369: JUMP
0000036a: JUMPDEST
0000036b: PUSH1 0x60
0000036d: SWAP2
0000036e: POP
0000036f: JUMPDEST
00000370: POP
00000371: SWAP2
00000372: POP
00000373: SWAP2
00000374: POP
00000375: DUP2
00000376: PUSH2 0x0401
00000379: JUMPI
0000037a: PUSH1 0x40
0000037c: MLOAD
0000037d: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000
0000039e: DUP2
0000039f: MSTORE
000003a0: PUSH1 0x20
000003a2: PUSH1 0x04
000003a4: DUP3
000003a5: ADD
000003a6: MSTORE
000003a7: PUSH1 0x39
000003a9: PUSH1 0x24
000003ab: DUP3
000003ac: ADD
000003ad: MSTORE
000003ae: PUSH32 0x50726f78793a2064656c656761746563616c6c20746f206e657720696d706c65
000003cf: PUSH1 0x44
000003d1: DUP3
000003d2: ADD
000003d3: MSTORE
000003d4: PUSH32 0x6d656e746174696f6e20636f6e7472616374206661696c656400000000000000
000003f5: PUSH1 0x64
000003f7: DUP3
000003f8: ADD
000003f9: MSTORE
000003fa: PUSH1 0x84
000003fc: ADD
000003fd: PUSH2 0x01f8
00000400: JUMP
00000401: JUMPDEST
00000402: SWAP2
00000403: POP
00000404: PUSH2 0x0412
00000407: SWAP1
00000408: POP
00000409: JUMP
0000040a: JUMPDEST
0000040b: PUSH2 0x0412
0000040e: PUSH2 0x012d
00000411: JUMP
00000412: JUMPDEST
00000413: SWAP4
00000414: SWAP3
00000415: POP
00000416: POP
00000417: POP
00000418: JUMP
00000419: JUMPDEST
0000041a: PUSH1 0x00
0000041c: PUSH2 0x0443
0000041f: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
00000440: SLOAD
00000441: SWAP1
00000442: JUMP
00000443: JUMPDEST
00000444: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000459: AND
0000045a: CALLER
0000045b: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000470: AND
00000471: EQ
00000472: DUP1
00000473: PUSH2 0x047a
00000476: JUMPI
00000477: POP
00000478: CALLER
00000479: ISZERO
0000047a: JUMPDEST
0000047b: ISZERO
0000047c: PUSH2 0x04a5
0000047f: JUMPI
00000480: POP
00000481: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
000004a2: SLOAD
000004a3: SWAP1
000004a4: JUMP
000004a5: JUMPDEST
000004a6: PUSH2 0x04ad
000004a9: PUSH2 0x012d
000004ac: JUMP
000004ad: JUMPDEST
000004ae: SWAP1
000004af: JUMP
000004b0: JUMPDEST
000004b1: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
000004d2: SLOAD
000004d3: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000004e8: AND
000004e9: CALLER
000004ea: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000004ff: AND
00000500: EQ
00000501: DUP1
00000502: PUSH2 0x0509
00000505: JUMPI
00000506: POP
00000507: CALLER
00000508: ISZERO
00000509: JUMPDEST
0000050a: ISZERO
0000050b: PUSH2 0x028e
0000050e: JUMPI
0000050f: PUSH2 0x028b
00000512: DUP2
00000513: PUSH2 0x060c
00000516: JUMP
00000517: JUMPDEST
00000518: PUSH1 0x00
0000051a: PUSH2 0x0541
0000051d: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
0000053e: SLOAD
0000053f: SWAP1
00000540: JUMP
00000541: JUMPDEST
00000542: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000557: AND
00000558: CALLER
00000559: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
0000056e: AND
0000056f: EQ
00000570: DUP1
00000571: PUSH2 0x0578
00000574: JUMPI
00000575: POP
00000576: CALLER
00000577: ISZERO
00000578: JUMPDEST
00000579: ISZERO
0000057a: PUSH2 0x04a5
0000057d: JUMPI
0000057e: POP
0000057f: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
000005a0: SLOAD
000005a1: SWAP1
000005a2: JUMP
000005a3: JUMPDEST
000005a4: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
000005c5: DUP2
000005c6: DUP2
000005c7: SSTORE
000005c8: PUSH1 0x40
000005ca: MLOAD
000005cb: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000005e0: DUP4
000005e1: AND
000005e2: SWAP1
000005e3: PUSH32 0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b
00000604: SWAP1
00000605: PUSH1 0x00
00000607: SWAP1
00000608: LOG2
00000609: POP
0000060a: POP
0000060b: JUMP
0000060c: JUMPDEST
0000060d: PUSH1 0x00
0000060f: PUSH2 0x0636
00000612: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
00000633: SLOAD
00000634: SWAP1
00000635: JUMP
00000636: JUMPDEST
00000637: PUSH32 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
00000658: DUP4
00000659: DUP2
0000065a: SSTORE
0000065b: PUSH1 0x40
0000065d: DUP1
0000065e: MLOAD
0000065f: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000674: DUP1
00000675: DUP6
00000676: AND
00000677: DUP3
00000678: MSTORE
00000679: DUP7
0000067a: AND
0000067b: PUSH1 0x20
0000067d: DUP3
0000067e: ADD
0000067f: MSTORE
00000680: SWAP3
00000681: SWAP4
00000682: POP
00000683: SWAP1
00000684: SWAP2
00000685: PUSH32 0x7e644d79422f17c01e4894b5f4f588d331ebfa28653d42ae832dc59e38c9798f
000006a6: SWAP2
000006a7: ADD
000006a8: PUSH1 0x40
000006aa: MLOAD
000006ab: DUP1
000006ac: SWAP2
000006ad: SUB
000006ae: SWAP1
000006af: LOG1
000006b0: POP
000006b1: POP
000006b2: POP
000006b3: JUMP
000006b4: JUMPDEST
000006b5: DUP1
000006b6: CALLDATALOAD
000006b7: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000006cc: DUP2
000006cd: AND
000006ce: DUP2
000006cf: EQ
000006d0: PUSH2 0x06d8
000006d3: JUMPI
000006d4: PUSH1 0x00
000006d6: DUP1
000006d7: REVERT
000006d8: JUMPDEST
000006d9: SWAP2
000006da: SWAP1
000006db: POP
000006dc: JUMP
000006dd: JUMPDEST
000006de: PUSH1 0x00
000006e0: PUSH1 0x20
000006e2: DUP3
000006e3: DUP5
000006e4: SUB
000006e5: SLT
000006e6: ISZERO
000006e7: PUSH2 0x06ef
000006ea: JUMPI
000006eb: PUSH1 0x00
000006ed: DUP1
000006ee: REVERT
000006ef: JUMPDEST
000006f0: PUSH2 0x0412
000006f3: DUP3
000006f4: PUSH2 0x06b4
000006f7: JUMP
000006f8: JUMPDEST
000006f9: PUSH1 0x00
000006fb: DUP1
000006fc: PUSH1 0x00
000006fe: PUSH1 0x40
00000700: DUP5
00000701: DUP7
00000702: SUB
00000703: SLT
00000704: ISZERO
00000705: PUSH2 0x070d
00000708: JUMPI
00000709: PUSH1 0x00
0000070b: DUP1
0000070c: REVERT
0000070d: JUMPDEST
0000070e: PUSH2 0x0716
00000711: DUP5
00000712: PUSH2 0x06b4
00000715: JUMP
00000716: JUMPDEST
00000717: SWAP3
00000718: POP
00000719: PUSH1 0x20
0000071b: DUP5
0000071c: ADD
0000071d: CALLDATALOAD
0000071e: PUSH8 0xffffffffffffffff
00000727: DUP1
00000728: DUP3
00000729: GT
0000072a: ISZERO
0000072b: PUSH2 0x0733
0000072e: JUMPI
0000072f: PUSH1 0x00
00000731: DUP1
00000732: REVERT
00000733: JUMPDEST
00000734: DUP2
00000735: DUP7
00000736: ADD
00000737: SWAP2
00000738: POP
00000739: DUP7
0000073a: PUSH1 0x1f
0000073c: DUP4
0000073d: ADD
0000073e: SLT
0000073f: PUSH2 0x0747
00000742: JUMPI
00000743: PUSH1 0x00
00000745: DUP1
00000746: REVERT
00000747: JUMPDEST
00000748: DUP2
00000749: CALLDATALOAD
0000074a: DUP2
0000074b: DUP2
0000074c: GT
0000074d: ISZERO
0000074e: PUSH2 0x0756
00000751: JUMPI
00000752: PUSH1 0x00
00000754: DUP1
00000755: REVERT
00000756: JUMPDEST
00000757: DUP8
00000758: PUSH1 0x20
0000075a: DUP3
0000075b: DUP6
0000075c: ADD
0000075d: ADD
0000075e: GT
0000075f: ISZERO
00000760: PUSH2 0x0768
00000763: JUMPI
00000764: PUSH1 0x00
00000766: DUP1
00000767: REVERT
00000768: JUMPDEST
00000769: PUSH1 0x20
0000076b: DUP4
0000076c: ADD
0000076d: SWAP5
0000076e: POP
0000076f: DUP1
00000770: SWAP4
00000771: POP
00000772: POP
00000773: POP
00000774: POP
00000775: SWAP3
00000776: POP
00000777: SWAP3
00000778: POP
00000779: SWAP3
0000077a: JUMP
0000077b: JUMPDEST
0000077c: PUSH1 0x00
0000077e: PUSH1 0x20
00000780: DUP1
00000781: DUP4
00000782: MSTORE
00000783: DUP4
00000784: MLOAD
00000785: DUP1
00000786: DUP3
00000787: DUP6
00000788: ADD
00000789: MSTORE
0000078a: PUSH1 0x00
0000078c: JUMPDEST
0000078d: DUP2
0000078e: DUP2
0000078f: LT
00000790: ISZERO
00000791: PUSH2 0x07a8
00000794: JUMPI
00000795: DUP6
00000796: DUP2
00000797: ADD
00000798: DUP4
00000799: ADD
0000079a: MLOAD
0000079b: DUP6
0000079c: DUP3
0000079d: ADD
0000079e: PUSH1 0x40
000007a0: ADD
000007a1: MSTORE
000007a2: DUP3
000007a3: ADD
000007a4: PUSH2 0x078c
000007a7: JUMP
000007a8: JUMPDEST
000007a9: DUP2
000007aa: DUP2
000007ab: GT
000007ac: ISZERO
000007ad: PUSH2 0x07ba
000007b0: JUMPI
000007b1: PUSH1 0x00
000007b3: PUSH1 0x40
000007b5: DUP4
000007b6: DUP8
000007b7: ADD
000007b8: ADD
000007b9: MSTORE
000007ba: JUMPDEST
000007bb: POP
000007bc: PUSH1 0x1f
000007be: ADD
000007bf: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0
000007e0: AND
000007e1: SWAP3
000007e2: SWAP1
000007e3: SWAP3
000007e4: ADD
000007e5: PUSH1 0x40
000007e7: ADD
000007e8: SWAP4
000007e9: SWAP3
000007ea: POP
000007eb: POP
000007ec: POP
000007ed: JUMP
000007ee: JUMPDEST
000007ef: DUP2
000007f0: DUP4
000007f1: DUP3
000007f2: CALLDATACOPY
000007f3: PUSH1 0x00
000007f5: SWAP2
000007f6: ADD
000007f7: SWAP1
000007f8: DUP2
000007f9: MSTORE
000007fa: SWAP2
000007fb: SWAP1
000007fc: POP
000007fd: JUMP
000007fe: INVALID
000007ff: LOG1
00000800: PUSH5 0x736f6c6343
00000806: STOP
00000807: ADDMOD
00000808: UNKNOWN(0x0F)
00000809: STOP
0000080a: EXP

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high upgradeability detector Untrusted DELEGATECALL target reachable 55 no no
view
trace_id: 0x5efef7ae079f700eedb521f93284dd4dad4f22300c1a5065f79d41827ce32100
call_targets: 0x33dadc2d1aa9bb613a7ae6b28425ea00d44c6998
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "DELEGATECALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0x5efef7ae079f700eedb521f93284dd4dad4f22300c1a5065f79d41827ce32100",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x33dadc2d1aa9bb613a7ae6b28425ea00d44c6998"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x5c60da1b",
            "selector": "0x5c60da1b",
            "calldata_variants": [
                "0x5c60da1b",
                "0x5c60da1b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x8f283970",
            "selector": "0x8f283970",
            "calldata_variants": [
                "0x8f283970",
                "0x8f2839700000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xf851a440",
            "selector": "0xf851a440",
            "calldata_variants": [
                "0xf851a440",
                "0xf851a4400000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x3659cfe6",
            "selector": "0x3659cfe6",
            "calldata_variants": [
                "0x3659cfe6",
                "0x3659cfe60000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x4f1ef286",
            "selector": "0x4f1ef286",
            "calldata_variants": [
                "0x4f1ef286",
                "0x4f1ef2860000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 527,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        },
        {
            "pc": 827,
            "opcode": "DELEGATECALL",
            "returndata_checked": null,
            "value_expression_category": "n/a",
            "target_expression_category": "computed"
        }
    ],
    "guards_detected": [
        {
            "pc": 605,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 727,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 1114,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 1257,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        },
        {
            "pc": 1368,
            "type": "msg_sender_eq_const",
            "value": "0xffffffffffffffffffffffffffffffffffffffff"
        }
    ],
    "delegatecall_count": 2,
    "untrusted_delegatecall_count": 2
}
medium upgradeability cast DELEGATECALL present 80 no
view
evidence_json 
{
    "notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
    "delegatecall_count": 2
}