019be3d6-82e5-72c3-a333-8980e1b0edbf
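Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing? Read the findings below as unvalidated detector output: the critical DELEGATECALL finding is marked validated "no" and confirmed "no", its fork validation ended with status "unknown" (10 errors in 11 attempts), and report.consolidate failed with implementation_not_ready. The flagged DELEGATECALL at pc 335 (0x14f) appears to be the Diamond.fallback() dispatch: the disassembly loads the target from storage keyed by the call's 4-byte selector and reverts with "Diamond: Function does not exist" when the entry is zero, so the answer depends on who is allowed to write that selector table, which this run does not show.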
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 40743 | artifact.fetch | complete | 1 / 3 | 2 months ago |
| 40744 | proxy.resolve | complete | 1 / 3 | 2 months ago |
| 40745 | tool.cast_disasm | complete | 1 / 3 | 2 months ago |
| 40746 | analysis.bundle | complete | 1 / 3 | 2 months ago |
| 40747 | capability.graph | complete | 1 / 3 | 2 months ago |
| 40748 | detector.run | complete | 1 / 3 | 2 months ago |
| 40749 | validation.fork | complete | 1 / 3 | 2 months ago |
| 41295 | report.consolidate | failed | 6 / 6 | 2 months ago |
| 41296 | tool.slither | complete | 1 / 2 | 2 months ago |
{
"status": "etherscan_only",
"etherscan_hint": {
"source": "etherscan",
"etherscan": {
"proxy_flag": true,
"implementation": "0x9230d2f3c7620c949ea029f0e19a9d59c93827a8"
}
},
"implementation": "0x9230d2f3c7620c949ea029f0e19a9d59c93827a8"
}
'forge clean' running (wd: /tmp/slither-5wyntowf) 'forge config --json' running 'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-5wyntowf) Diamond.fallback() (contracts/Diamond.sol#25-52) uses assembly - INLINE ASM (contracts/Diamond.sol#29-31) - INLINE ASM (contracts/Diamond.sol#36-51) LibDiamond.diamondStorage() (contracts/libraries/LibDiamond.sol#47-52) uses assembly - INLINE ASM (contracts/libraries/LibDiamond.sol#49-51) LibDiamond.initializeDiamondCut(address,bytes) (contracts/libraries/LibDiamond.sol#299-320) uses assembly - INLINE ASM (contracts/libraries/LibDiamond.sol#312-315) LibDiamond.enforceHasContractCode(address,string) (contracts/libraries/LibDiamond.sol#322-331) uses assembly - INLINE ASM (contracts/libraries/LibDiamond.sol#327-329) Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage Low level call in LibDiamond.initializeDiamondCut(address,bytes) (contracts/libraries/LibDiamond.sol#299-320): - (success,error) = _init.delegatecall(_calldata) (contracts/libraries/LibDiamond.sol#307) Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls Parameter LibDiamond.setContractOwner(address)._newOwner (contracts/libraries/LibDiamond.sol#59) is not in mixedCase Parameter LibDiamond.diamondCut(IDiamondCut.FacetCut[],address,bytes)._diamondCut (contracts/libraries/LibDiamond.sol#85) is not in mixedCase Parameter LibDiamond.diamondCut(IDiamondCut.FacetCut[],address,bytes)._init (contracts/libraries/LibDiamond.sol#86) is not in mixedCase Parameter LibDiamond.diamondCut(IDiamondCut.FacetCut[],address,bytes)._calldata (contracts/libraries/LibDiamond.sol#87) is not in mixedCase Parameter LibDiamond.addFunctions(address,bytes4[])._facetAddress (contracts/libraries/LibDiamond.sol#115) is not in mixedCase Parameter LibDiamond.addFunctions(address,bytes4[])._functionSelectors (contracts/libraries/LibDiamond.sol#116) is not in mixedCase Parameter 
LibDiamond.replaceFunctions(address,bytes4[])._facetAddress (contracts/libraries/LibDiamond.sol#153) is not in mixedCase Parameter LibDiamond.replaceFunctions(address,bytes4[])._functionSelectors (contracts/libraries/LibDiamond.sol#154) is not in mixedCase Parameter LibDiamond.removeFunctions(address,bytes4[])._facetAddress (contracts/libraries/LibDiamond.sol#192) is not in mixedCase Parameter LibDiamond.removeFunctions(address,bytes4[])._functionSelectors (contracts/libraries/LibDiamond.sol#193) is not in mixedCase Parameter LibDiamond.addFacet(LibDiamond.DiamondStorage,address)._facetAddress (contracts/libraries/LibDiamond.sol#218) is not in mixedCase Parameter LibDiamond.addFunction(LibDiamond.DiamondStorage,bytes4,uint96,address)._selector (contracts/libraries/LibDiamond.sol#231) is not in mixedCase Parameter LibDiamond.addFunction(LibDiamond.DiamondStorage,bytes4,uint96,address)._selectorPosition (contracts/libraries/LibDiamond.sol#232) is not in mixedCase Parameter LibDiamond.addFunction(LibDiamond.DiamondStorage,bytes4,uint96,address)._facetAddress (contracts/libraries/LibDiamond.sol#233) is not in mixedCase Parameter LibDiamond.removeFunction(LibDiamond.DiamondStorage,address,bytes4)._facetAddress (contracts/libraries/LibDiamond.sol#244) is not in mixedCase Parameter LibDiamond.removeFunction(LibDiamond.DiamondStorage,address,bytes4)._selector (contracts/libraries/LibDiamond.sol#245) is not in mixedCase Parameter LibDiamond.initializeDiamondCut(address,bytes)._init (contracts/libraries/LibDiamond.sol#300) is not in mixedCase Parameter LibDiamond.initializeDiamondCut(address,bytes)._calldata (contracts/libraries/LibDiamond.sol#301) is not in mixedCase Parameter LibDiamond.enforceHasContractCode(address,string)._contract (contracts/libraries/LibDiamond.sol#323) is not in mixedCase Parameter LibDiamond.enforceHasContractCode(address,string)._errorMessage (contracts/libraries/LibDiamond.sol#324) is not in mixedCase Reference: 
https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions . analyzed (3 contracts with 100 detectors), 25 result(s) found
{
"solc": {
"status": "ok",
"use_rc": 0,
"version": "0.8.24",
"strategy": "solc-select",
"solc_path": "/var/www/tripwire/.venv/bin/solc",
"install_rc": 0,
"use_stderr": null,
"use_stdout": "Switched global version to 0.8.24",
"install_stderr": null,
"install_stdout": "Version '0.8.24' is already installed, skipping..."
},
"solc_args": "--base-path /tmp/slither-5wyntowf --allow-paths /tmp/slither-5wyntowf,/tmp/slither-5wyntowf/lib,/tmp/slither-5wyntowf/src",
"remappings": [],
"source_files": [
"contracts/Diamond.sol",
"contracts/interfaces/IDiamondCut.sol",
"contracts/libraries/LibDiamond.sol"
],
"contract_count": 0,
"contract_names": [],
"detector_count": 25,
"workspace_hash": "dfeda5694c429dd06ac330ac4409f076b54e7374847e973540f09002ec3c2136",
"duration_seconds": 0.5636377334594727,
"solc_version_requested": "0.8.24"
}
Traceback (most recent call last):
File "/var/www/tripwire/worker/worker.py", line 198, in main
payload = dispatch_job(job_type, job_id, job_meta, run_data, config, laravel_client)
File "/var/www/tripwire/worker/worker.py", line 121, in dispatch_job
return report_consolidate.run(job_id, job_meta, run_data, config, log, laravel_client)
~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/www/tripwire/worker/jobs/report_consolidate.py", line 605, in run
raise RuntimeError("implementation_not_ready")
RuntimeError: implementation_not_ready
00000000: PUSH1 0x80 00000002: PUSH1 0x40 00000004: MSTORE 00000005: CALLDATASIZE 00000006: PUSH2 0x000b 00000009: JUMPI 0000000a: STOP 0000000b: JUMPDEST 0000000c: PUSH1 0x00 0000000e: DUP1 0000000f: PUSH32 0xc8fcad8db84d3cc18b4c41d551ea0ee66dd599cde068d998e57d5e09332c131c 00000030: SWAP1 00000031: POP 00000032: DUP1 00000033: SWAP2 00000034: POP 00000035: PUSH1 0x00 00000037: DUP3 00000038: PUSH1 0x00 0000003a: ADD 0000003b: PUSH1 0x00 0000003d: DUP1 0000003e: CALLDATALOAD 0000003f: PUSH32 0xffffffff00000000000000000000000000000000000000000000000000000000 00000060: AND 00000061: PUSH28 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0000007e: NOT 0000007f: AND 00000080: PUSH28 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0000009d: NOT 0000009e: AND 0000009f: DUP2 000000a0: MSTORE 000000a1: PUSH1 0x20 000000a3: ADD 000000a4: SWAP1 000000a5: DUP2 000000a6: MSTORE 000000a7: PUSH1 0x20 000000a9: ADD 000000aa: PUSH1 0x00 000000ac: KECCAK256 000000ad: PUSH1 0x00 000000af: ADD 000000b0: PUSH1 0x00 000000b2: SWAP1 000000b3: SLOAD 000000b4: SWAP1 000000b5: PUSH2 0x0100 000000b8: EXP 000000b9: SWAP1 000000ba: DIV 000000bb: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000000d0: AND 000000d1: SWAP1 000000d2: POP 000000d3: PUSH1 0x00 000000d5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000000ea: AND 000000eb: DUP2 000000ec: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000101: AND 00000102: SUB 00000103: PUSH2 0x0141 00000106: JUMPI 00000107: PUSH1 0x40 00000109: MLOAD 0000010a: PUSH32 0x08c379a000000000000000000000000000000000000000000000000000000000 0000012b: DUP2 0000012c: MSTORE 0000012d: PUSH1 0x04 0000012f: ADD 00000130: PUSH2 0x0138 00000133: SWAP1 00000134: PUSH2 0x01c4 00000137: JUMP 00000138: JUMPDEST 00000139: PUSH1 0x40 0000013b: MLOAD 0000013c: DUP1 0000013d: SWAP2 0000013e: SUB 0000013f: SWAP1 00000140: REVERT 00000141: JUMPDEST 00000142: CALLDATASIZE 00000143: PUSH1 0x00 00000145: DUP1 00000146: CALLDATACOPY 00000147: 
PUSH1 0x00 00000149: DUP1 0000014a: CALLDATASIZE 0000014b: PUSH1 0x00 0000014d: DUP5 0000014e: GAS 0000014f: DELEGATECALL 00000150: RETURNDATASIZE 00000151: PUSH1 0x00 00000153: DUP1 00000154: RETURNDATACOPY 00000155: DUP1 00000156: PUSH1 0x00 00000158: DUP2 00000159: EQ 0000015a: PUSH2 0x0162 0000015d: JUMPI 0000015e: RETURNDATASIZE 0000015f: PUSH1 0x00 00000161: RETURN 00000162: JUMPDEST 00000163: RETURNDATASIZE 00000164: PUSH1 0x00 00000166: REVERT 00000167: JUMPDEST 00000168: PUSH1 0x00 0000016a: DUP3 0000016b: DUP3 0000016c: MSTORE 0000016d: PUSH1 0x20 0000016f: DUP3 00000170: ADD 00000171: SWAP1 00000172: POP 00000173: SWAP3 00000174: SWAP2 00000175: POP 00000176: POP 00000177: JUMP 00000178: JUMPDEST 00000179: PUSH32 0x4469616d6f6e643a2046756e6374696f6e20646f6573206e6f74206578697374 0000019a: PUSH1 0x00 0000019c: DUP3 0000019d: ADD 0000019e: MSTORE 0000019f: POP 000001a0: JUMP 000001a1: JUMPDEST 000001a2: PUSH1 0x00 000001a4: PUSH2 0x01ae 000001a7: PUSH1 0x20 000001a9: DUP4 000001aa: PUSH2 0x0167 000001ad: JUMP 000001ae: JUMPDEST 000001af: SWAP2 000001b0: POP 000001b1: PUSH2 0x01b9 000001b4: DUP3 000001b5: PUSH2 0x0178 000001b8: JUMP 000001b9: JUMPDEST 000001ba: PUSH1 0x20 000001bc: DUP3 000001bd: ADD 000001be: SWAP1 000001bf: POP 000001c0: SWAP2 000001c1: SWAP1 000001c2: POP 000001c3: JUMP 000001c4: JUMPDEST 000001c5: PUSH1 0x00 000001c7: PUSH1 0x20 000001c9: DUP3 000001ca: ADD 000001cb: SWAP1 000001cc: POP 000001cd: DUP2 000001ce: DUP2 000001cf: SUB 000001d0: PUSH1 0x00 000001d2: DUP4 000001d3: ADD 000001d4: MSTORE 000001d5: PUSH2 0x01dd 000001d8: DUP2 000001d9: PUSH2 0x01a1 000001dc: JUMP 000001dd: JUMPDEST 000001de: SWAP1 000001df: POP 000001e0: SWAP2 000001e1: SWAP1 000001e2: POP 000001e3: JUMP 000001e4: INVALID 000001e5: LOG2 000001e6: PUSH5 0x6970667358 000001ec: UNKNOWN(0x22) 000001ed: SLT 000001ee: KECCAK256 000001ef: BASEFEE 000001f0: SWAP8 000001f1: ADD 000001f2: SWAP5 000001f3: CALLVALUE 000001f4: UNKNOWN(0xB4) 000001f5: CALLDATACOPY 000001f6: 
PUSH30 0x0294d051161153584bc9b27bea1602d4501b4ca5249fd14a64736f6c6343 00000215: STOP 00000216: ADDMOD 00000217: XOR 00000218: STOP 00000219: CALLER
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| critical | upgradeability | detector | Untrusted DELEGATECALL target reachable | 70 | no | no |
validation_json{
"sink": "DELEGATECALL",
"errors": 10,
"status": "unknown",
"attempts": 11,
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": null,
"matched_probe": null,
"target_varies": null,
"classification": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x",
"selector": "fallback",
"calldata_variants": [
"0x"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 335,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
}
],
"guards_detected": [],
"delegatecall_count": 1,
"untrusted_delegatecall_count": 1
}
|
| medium | upgradeability | cast | DELEGATECALL present | 80 | no | — |
evidence_json{
"notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
"delegatecall_count": 1
}
|