019bab3b-ab6d-70c7-af26-7adf21a8e65f
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 38548 | artifact.fetch | complete | 1 / 3 | 3 months ago |
| 38549 | proxy.resolve | complete | 1 / 3 | 3 months ago |
| 38550 | tool.cast_disasm | complete | 1 / 3 | 3 months ago |
| 38551 | analysis.bundle | complete | 1 / 3 | 3 months ago |
| 38552 | capability.graph | complete | 1 / 3 | 3 months ago |
| 38553 | detector.run | complete | 1 / 3 | 3 months ago |
| 38554 | validation.fork | complete | 1 / 3 | 3 months ago |
| 39065 | report.consolidate | complete | 1 / 6 | 3 months ago |
| 39066 | tool.slither | failed | 2 / 2 | 3 months ago |
{
"method": "etherscan+onchain",
"status": "confirmed",
"etherscan_hint": {
"source": "etherscan",
"etherscan": {
"proxy_flag": true,
"implementation": "0x75161367fcac81482706d119ceedf8ef9a26fb8b"
}
},
"implementation": "0x75161367fcac81482706d119ceedf8ef9a26fb8b",
"onchain_method": "eip1967"
}
Traceback (most recent call last):
File "/var/www/tripwire/worker/worker.py", line 198, in main
payload = dispatch_job(job_type, job_id, job_meta, run_data, config, laravel_client)
File "/var/www/tripwire/worker/worker.py", line 114, in dispatch_job
return slither_run.run(job_id, job_meta, run_data, config, log, laravel_client)
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/www/tripwire/worker/jobs/slither_run.py", line 1084, in run
stdout_text, stderr_text, result_json = _run_slither(
~~~~~~~~~~~~^
workspace,
^^^^^^^^^^
...<4 lines>...
target_path=target_path,
^^^^^^^^^^^^^^^^^^^^^^^^
)
^
File "/var/www/tripwire/worker/jobs/slither_run.py", line 958, in _run_slither
raise RuntimeError(f"slither failed (exit {result.returncode}): {stderr_text or stdout_text}")
RuntimeError: slither failed (exit 1): 'forge clean' running (wd: /tmp/slither-sa5jibau)
'forge config --json' running
'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-sa5jibau)
Traceback (most recent call last):
File "/var/www/tripwire/.venv/bin/slither", line 10, in <module>
sys.exit(main())
~~~~^^
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/slither/__main__.py", line 776, in main
main_impl(all_detector_classes=detectors, all_printer_classes=printers)
~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/slither/__main__.py", line 882, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/slither/__main__.py", line 96, in process_all
compilations = compile_all(target, **vars(args))
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/crytic_compile.py", line 722, in compile_all
compilations.append(CryticCompile(target, **kwargs))
~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/crytic_compile.py", line 211, in __init__
self._compile(**kwargs)
~~~~~~~~~~~~~^^^^^^^^^^
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/crytic_compile.py", line 633, in _compile
self._platform.compile(self, **kwargs)
~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/platform/foundry.py", line 102, in compile
hardhat_like_parsing(
~~~~~~~~~~~~~~~~~~~~^
crytic_compile, str(self._target), build_directory, str(self._project_root)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
)
^
File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/platform/hardhat.py", line 52, in hardhat_like_parsing
raise InvalidCompilation(txt)
crytic_compile.platform.exceptions.InvalidCompilation: Compilation failed. Can you run build command?
/tmp/slither-sa5jibau/out/build-info is not a directory.
{"no_findings":true,"summary":"No exploitable vulnerabilities identified in the first-party implementation; external calls and upgrades are role-gated and token flows enforce balance/allowlist checks.","findings":[]}
OpenAI Codex v0.77.0 (research preview)
--------
workdir: /tmp/codex-z0ragn05
model: gpt-5.2-codex
provider: openai
approval: never
sandbox: read-only
reasoning effort: high
reasoning summaries: auto
session id: 019baba7-fdab-74f1-9e8b-250238d5f697
--------
user
Context: The user requested the proxy at 0xa66b23d9a8a46c284fa5b3f2e2b59eb5cc3817f4.
Audit the implementation at 0x75161367fcac81482706d119ceedf8ef9a26fb8b.
Findings should refer to the implementation unless explicitly about proxy mechanics.
You are a security auditor. Audit this Solidity codebase for exploitable vulnerabilities.
Focus on: reentrancy, access control, upgradeability/proxy issues, signature validation, oracle manipulation,
accounting/invariant breaks, external call patterns, unchecked return values, and dangerous delegatecall.
Scope rules:
- You MUST fully read `AUDIT_BUNDLE.txt` before concluding. It contains the complete contents of all first-party Solidity sources in this workspace.
- Treat `lib/` and `@openzeppelin/` as third-party dependencies; skip them unless there is a concrete misuse angle in first-party code.
- If there are only dependency files and no first-party sources, set no_findings=true and explain in summary.
Output MUST be valid JSON matching the provided schema.
- If you find nothing meaningful: set no_findings=true and findings=[].
- Otherwise: set no_findings=false and include findings with severity/category/title and file/line locations when possible.
Output constraints (IMPORTANT):
- severity MUST be exactly one of: info, low, medium, high, critical (lowercase).
- category MUST be exactly one of: access_control, reentrancy, math, oracle, upgradeability, auth, other.
Keep summary short and concrete.
mcp startup: no servers
thinking
**Preparing to read AUDIT_BUNDLE.txt**
exec
/bin/bash -lc ls in /tmp/codex-z0ragn05 succeeded in 7ms:
AUDIT_BUNDLE.txt
codex-output-schema.json
contracts
@openzeppelin
exec
/bin/bash -lc "sed -n '1,200p' AUDIT_BUNDLE.txt" in /tmp/codex-z0ragn05 succeeded in 28ms:
This file concatenates the full contents of first-party Solidity sources for auditing.
Do not treat dependency code under lib/ or @openzeppelin/ as first-party.
================================================================================
FILE: contracts/CrossmintTreasury.sol
================================================================================
// SPDX-License-Identifier: UNLICENSED
pragma solidity 0.8.19;
/*
,----.. ____ ___
/ / \ ,' , `. ,--, ,--.'|_
| : : __ ,-. ,---. ,-+-,.' _ ,--.'| ,---, | | :,'
. | ;. ,' ,'/ /| ' ,'\ .--.--. .--.--. ,-+-. ; , || |, ,-+-. / | : : ' :
. ; /--`' | |' |/ / |/ / ' / / ' ,--.'|' | |`--'_ ,--.'|' .;__,' /
; | ; | | ,. ; ,. | : /`./| : /`./ | | ,', | |,' ,'| | | ,"' | | |
| : | ' : / ' | |: | : ;_ | : ;_ | | / | |--'' | | | | / | :__,'| :
. | '___| | ' ' | .; :\ \ `.\ \ `.| : | | , | | : | | | | | ' : |__
' ; : .'; : | | : | `----. \`----. | : | |/ ' : |__| | | |/ | | '.'|
exec
/bin/bash -lc "sed -n '200,400p' AUDIT_BUNDLE.txt" in /tmp/codex-z0ragn05 succeeded in 27ms:
function withdraw(address payable to, uint256 amount) external onlyRole(ADMIN_ROLE) {
Address.sendValue(to, amount);
}
/////////////////////////////
// External View Functions //
/////////////////////////////
function tokenOnAllowlist(address token) external view returns (bool) {
return s_tokenAllowlist[token];
}
function getVersion() external pure returns (string memory version) {
return "0.1";
}
////////////////////////////////////
// Private and Internal Functions //
////////////////////////////////////
thinking
**Analyzing treasury contract for vulnerabilities**
thinking
**Reviewing allowance logic and execute function gaps**
I'm wrapping up by examining interactions around allowance handling and the execute functions; I see the allowance pattern is safe due to EVM revert propagation despite some quirks with tokens' allowance semantics. The execute function can call non-allowlisted tokens directly, which bypasses token allowlist restrictions on transfers, but this seems intended for treasury role flexibility. Overall, no clear exploitable vulnerabilities stand out given role restrictions and revert guarantees. I'll finalize the audit with no findings reported.
codex
{"no_findings":true,"summary":"No exploitable vulnerabilities identified in the first-party implementation; external calls and upgrades are role-gated and token flows enforce balance/allowlist checks.","findings":[]}
tokens used
17,593
{
"codex": {
"ran_at": "2026-01-11T06:06:28.011147+00:00",
"returncode": 0
},
"project": {
"mode": "source",
"file_count": 22,
"import_count": 27,
"first_party_contracts_count": 2
},
"summary": "No exploitable vulnerabilities identified in the first-party implementation; external calls and upgrades are role-gated and token flows enforce balance/allowlist checks.",
"raw_final": {
"summary": "No exploitable vulnerabilities identified in the first-party implementation; external calls and upgrades are role-gated and token flows enforce balance/allowlist checks.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"proxy_context": {
"proxy_run_id": "019bab3b-ab6d-70c7-af26-7adf21a8e65f",
"proxy_address": "0xa66b23d9a8a46c284fa5b3f2e2b59eb5cc3817f4",
"implementation_run_id": "019bab3d-2204-73f2-9818-d5b32a5fa050",
"implementation_address": "0x75161367fcac81482706d119ceedf8ef9a26fb8b"
},
"schema_version": 1
}
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: PUSH2 0x0013 00000009: JUMPI 0000000a: PUSH2 0x0011 0000000d: PUSH2 0x0017 00000010: JUMP 00000011: JUMPDEST 00000012: STOP 00000013: JUMPDEST 00000014: PUSH2 0x0011 00000017: JUMPDEST 00000018: PUSH2 0x0027 0000001b: PUSH2 0x0022 0000001e: PUSH2 0x0067 00000021: JUMP 00000022: JUMPDEST 00000023: PUSH2 0x009f 00000026: JUMP 00000027: JUMPDEST 00000028: JUMP 00000029: JUMPDEST 0000002a: PUSH1 0x60 0000002c: PUSH2 0x004e 0000002f: DUP4 00000030: DUP4 00000031: PUSH1 0x40 00000033: MLOAD 00000034: DUP1 00000035: PUSH1 0x60 00000037: ADD 00000038: PUSH1 0x40 0000003a: MSTORE 0000003b: DUP1 0000003c: PUSH1 0x27 0000003e: DUP2 0000003f: MSTORE 00000040: PUSH1 0x20 00000042: ADD 00000043: PUSH2 0x0268 00000046: PUSH1 0x27 00000048: SWAP2 00000049: CODECOPY 0000004a: PUSH2 0x00c3 0000004d: JUMP 0000004e: JUMPDEST 0000004f: SWAP4 00000050: SWAP3 00000051: POP 00000052: POP 00000053: POP 00000054: JUMP 00000055: JUMPDEST 00000056: PUSH1 0x01 00000058: PUSH1 0x01 0000005a: PUSH1 0xa0 0000005c: SHL 0000005d: SUB 0000005e: AND 0000005f: EXTCODESIZE 00000060: ISZERO 00000061: ISZERO 00000062: SWAP1 00000063: JUMP 00000064: JUMPDEST 00000065: SWAP1 00000066: JUMP 00000067: JUMPDEST 00000068: PUSH1 0x00 0000006a: PUSH2 0x009a 0000006d: PUSH32 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc 0000008e: SLOAD 0000008f: PUSH1 0x01 00000091: PUSH1 0x01 00000093: PUSH1 0xa0 00000095: SHL 00000096: SUB 00000097: AND 00000098: SWAP1 00000099: JUMP 0000009a: JUMPDEST 0000009b: SWAP1 0000009c: POP 0000009d: SWAP1 0000009e: JUMP 0000009f: JUMPDEST 000000a0: CALLDATASIZE 000000a1: PUSH1 0x00 000000a3: DUP1 000000a4: CALLDATACOPY 000000a5: PUSH1 0x00 000000a7: DUP1 000000a8: CALLDATASIZE 000000a9: PUSH1 0x00 000000ab: DUP5 000000ac: GAS 000000ad: DELEGATECALL 000000ae: RETURNDATASIZE 000000af: PUSH1 0x00 000000b1: DUP1 000000b2: RETURNDATACOPY 000000b3: DUP1 000000b4: DUP1 000000b5: ISZERO 000000b6: PUSH2 0x00be 000000b9: JUMPI 000000ba: RETURNDATASIZE 000000bb: PUSH1 0x00 000000bd: RETURN 000000be: JUMPDEST 000000bf: RETURNDATASIZE 000000c0: PUSH1 0x00 000000c2: REVERT 000000c3: JUMPDEST 000000c4: PUSH1 0x60 000000c6: PUSH1 0x00 000000c8: DUP1 000000c9: DUP6 000000ca: PUSH1 0x01 000000cc: PUSH1 0x01 000000ce: PUSH1 0xa0 000000d0: SHL 000000d1: SUB 000000d2: AND 000000d3: DUP6 000000d4: PUSH1 0x40 000000d6: MLOAD 000000d7: PUSH2 0x00e0 000000da: SWAP2 000000db: SWAP1 000000dc: PUSH2 0x0218 000000df: JUMP 000000e0: JUMPDEST 000000e1: PUSH1 0x00 000000e3: PUSH1 0x40 000000e5: MLOAD 000000e6: DUP1 000000e7: DUP4 000000e8: SUB 000000e9: DUP2 000000ea: DUP6 000000eb: GAS 000000ec: DELEGATECALL 000000ed: SWAP2 000000ee: POP 000000ef: POP 000000f0: RETURNDATASIZE 000000f1: DUP1 000000f2: PUSH1 0x00 000000f4: DUP2 000000f5: EQ 000000f6: PUSH2 0x011b 000000f9: JUMPI 000000fa: PUSH1 0x40 000000fc: MLOAD 000000fd: SWAP2 000000fe: POP 000000ff: PUSH1 0x1f 00000101: NOT 00000102: PUSH1 0x3f 00000104: RETURNDATASIZE 00000105: ADD 00000106: AND 00000107: DUP3 00000108: ADD 00000109: PUSH1 0x40 0000010b: MSTORE 0000010c: RETURNDATASIZE 0000010d: DUP3 0000010e: MSTORE 0000010f: RETURNDATASIZE 00000110: PUSH1 0x00 00000112: PUSH1 0x20 00000114: DUP5 00000115: ADD 00000116: RETURNDATACOPY 00000117: PUSH2 0x0120 0000011a: JUMP 0000011b: JUMPDEST 0000011c: PUSH1 0x60 0000011e: SWAP2 0000011f: POP 00000120: JUMPDEST 00000121: POP 00000122: SWAP2 00000123: POP 00000124: SWAP2 00000125: POP 00000126: PUSH2 0x0131 00000129: DUP7 0000012a: DUP4 0000012b: DUP4 0000012c: DUP8 0000012d: PUSH2 0x013b 00000130: JUMP 00000131: JUMPDEST 00000132: SWAP7 00000133: SWAP6 00000134: POP 00000135: POP 00000136: POP 00000137: POP 00000138: POP 00000139: POP 0000013a: JUMP 0000013b: JUMPDEST 0000013c: PUSH1 0x60 0000013e: DUP4 0000013f: ISZERO 00000140: PUSH2 0x01ac 00000143: JUMPI 00000144: DUP3 00000145: MLOAD 00000146: PUSH2 0x01a5 00000149: JUMPI 0000014a: PUSH1 0x01 0000014c: PUSH1 0x01 0000014e: PUSH1 0xa0 00000150: SHL 00000151: SUB 00000152: DUP6 00000153: AND 00000154: EXTCODESIZE 00000155: PUSH2 0x01a5 00000158: JUMPI 00000159: PUSH1 0x40 0000015b: MLOAD 0000015c: PUSH3 0x461bcd 00000160: PUSH1 0xe5 00000162: SHL 00000163: DUP2 00000164: MSTORE 00000165: PUSH1 0x20 00000167: PUSH1 0x04 00000169: DUP3 0000016a: ADD 0000016b: MSTORE 0000016c: PUSH1 0x1d 0000016e: PUSH1 0x24 00000170: DUP3 00000171: ADD 00000172: MSTORE 00000173: PUSH32 0x416464726573733a2063616c6c20746f206e6f6e2d636f6e7472616374000000 00000194: PUSH1 0x44 00000196: DUP3 00000197: ADD 00000198: MSTORE 00000199: PUSH1 0x64 0000019b: ADD 0000019c: JUMPDEST 0000019d: PUSH1 0x40 0000019f: MLOAD 000001a0: DUP1 000001a1: SWAP2 000001a2: SUB 000001a3: SWAP1 000001a4: REVERT 000001a5: JUMPDEST 000001a6: POP 000001a7: DUP2 000001a8: PUSH2 0x01b6 000001ab: JUMP 000001ac: JUMPDEST 000001ad: PUSH2 0x01b6 000001b0: DUP4 000001b1: DUP4 000001b2: PUSH2 0x01be 000001b5: JUMP 000001b6: JUMPDEST 000001b7: SWAP5 000001b8: SWAP4 000001b9: POP 000001ba: POP 000001bb: POP 000001bc: POP 000001bd: JUMP 000001be: JUMPDEST 000001bf: DUP2 000001c0: MLOAD 000001c1: ISZERO 000001c2: PUSH2 0x01ce 000001c5: JUMPI 000001c6: DUP2 000001c7: MLOAD 000001c8: DUP1 000001c9: DUP4 000001ca: PUSH1 0x20 000001cc: ADD 000001cd: REVERT 000001ce: JUMPDEST 000001cf: DUP1 000001d0: PUSH1 0x40 000001d2: MLOAD 000001d3: PUSH3 0x461bcd 000001d7: PUSH1 0xe5 000001d9: SHL 000001da: DUP2 000001db: MSTORE 000001dc: PUSH1 0x04 000001de: ADD 000001df: PUSH2 0x019c 000001e2: SWAP2 000001e3: SWAP1 000001e4: PUSH2 0x0234 000001e7: JUMP 000001e8: JUMPDEST 000001e9: PUSH1 0x00 000001eb: JUMPDEST 000001ec: DUP4 000001ed: DUP2 000001ee: LT 000001ef: ISZERO 000001f0: PUSH2 0x0203 000001f3: JUMPI 000001f4: DUP2 000001f5: DUP2 000001f6: ADD 000001f7: MLOAD 000001f8: DUP4 000001f9: DUP3 000001fa: ADD 000001fb: MSTORE 000001fc: PUSH1 0x20 000001fe: ADD 000001ff: PUSH2 0x01eb 00000202: JUMP 00000203: JUMPDEST 00000204: DUP4 00000205: DUP2 00000206: GT 00000207: ISZERO 00000208: PUSH2 0x0212 0000020b: JUMPI 0000020c: PUSH1 0x00 0000020e: DUP5 0000020f: DUP5 00000210: ADD 00000211: MSTORE 00000212: JUMPDEST 00000213: POP 00000214: POP 00000215: POP 00000216: POP 00000217: JUMP 00000218: JUMPDEST 00000219: PUSH1 0x00 0000021b: DUP3 0000021c: MLOAD 0000021d: PUSH2 0x022a 00000220: DUP2 00000221: DUP5 00000222: PUSH1 0x20 00000224: DUP8 00000225: ADD 00000226: PUSH2 0x01e8 00000229: JUMP 0000022a: JUMPDEST 0000022b: SWAP2 0000022c: SWAP1 0000022d: SWAP2 0000022e: ADD 0000022f: SWAP3 00000230: SWAP2 00000231: POP 00000232: POP 00000233: JUMP 00000234: JUMPDEST 00000235: PUSH1 0x20 00000237: DUP2 00000238: MSTORE 00000239: PUSH1 0x00 0000023b: DUP3 0000023c: MLOAD 0000023d: DUP1 0000023e: PUSH1 0x20 00000240: DUP5 00000241: ADD 00000242: MSTORE 00000243: PUSH2 0x0253 00000246: DUP2 00000247: PUSH1 0x40 00000249: DUP6 0000024a: ADD 0000024b: PUSH1 0x20 0000024d: DUP8 0000024e: ADD 0000024f: PUSH2 0x01e8 00000252: JUMP 00000253: JUMPDEST 00000254: PUSH1 0x1f 00000256: ADD 00000257: PUSH1 0x1f 00000259: NOT 0000025a: AND 0000025b: SWAP2 0000025c: SWAP1 0000025d: SWAP2 0000025e: ADD 0000025f: PUSH1 0x40 00000261: ADD 00000262: SWAP3 00000263: SWAP2 00000264: POP 00000265: POP 00000266: JUMP 00000267: INVALID 00000268: COINBASE 00000269: PUSH5 0x6472657373 0000026f: GASPRICE 00000270: KECCAK256 00000271: PUSH13 0x6f772d6c6576656c2064656c65 0000027f: PUSH8 0x6174652063616c6c 00000288: KECCAK256 00000289: PUSH7 0x61696c6564a264 00000291: PUSH10 0x70667358221220ff8e6f 0000029c: UNKNOWN(0x2D) 0000029d: PUSH23 0x1d58b3bd984933269e01a7ff1f70a460b808056daa4cff 000002b5: CLZ 000002b6: UNKNOWN(0xE8) 000002b7: UNKNOWN(0xAB) 000002b8: PUSH10 0x64736f6c634300080900 000002c3: CALLER
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| critical | upgradeability | detector | Untrusted DELEGATECALL target reachable | 70 | no | no |
viewtrace_id: 0xf8726e08105779b255254b5901265f604dcfb6825be5289495e225bf257a0925
call_targets:
0x75161367fcac81482706d119ceedf8ef9a26fb8b
target_varies:
no
classification:
constant_target
validation_json{
"sink": "DELEGATECALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xf8726e08105779b255254b5901265f604dcfb6825be5289495e225bf257a0925",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0x75161367fcac81482706d119ceedf8ef9a26fb8b"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x",
"selector": "fallback",
"calldata_variants": [
"0x"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 173,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
},
{
"pc": 236,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
}
],
"guards_detected": [],
"delegatecall_count": 2,
"untrusted_delegatecall_count": 2
}
|
| medium | upgradeability | cast | DELEGATECALL present | 80 | no | — |
viewevidence_json{
"notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
"delegatecall_count": 2
}
|