019c0ea9-08db-7251-a242-d503c3242510
Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 41928 | artifact.fetch | complete | 1 / 3 | 2 months ago |
| 41929 | proxy.resolve | complete | 1 / 3 | 2 months ago |
| 41930 | tool.cast_disasm | complete | 1 / 3 | 2 months ago |
| 41931 | analysis.bundle | complete | 1 / 3 | 2 months ago |
| 41932 | capability.graph | complete | 1 / 3 | 2 months ago |
| 41933 | detector.run | complete | 1 / 3 | 2 months ago |
| 41934 | validation.fork | complete | 1 / 3 | 2 months ago |
| 42362 | report.consolidate | failed | 6 / 6 | 2 months ago |
| 42363 | tool.slither | complete | 1 / 2 | 2 months ago |
{
"status": "etherscan_only",
"etherscan_hint": {
"source": "etherscan",
"etherscan": {
"proxy_flag": true,
"implementation": "0xaa282c8ab681fbd501a2b8fa0ea558cbf5785f73"
}
},
"implementation": "0xaa282c8ab681fbd501a2b8fa0ea558cbf5785f73"
}
'forge clean' running (wd: /tmp/slither-fleytsy5)
'forge config --json' running
'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-fleytsy5)

Contract locking ether found:
    Contract Avocado (contracts/Avocado.sol#20-117) has payable functions:
     - Avocado.fallback() (contracts/Avocado.sol#64-116)
    But does not have a function to withdraw the ether
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#contracts-that-lock-ether

Avocado.constructor() (contracts/Avocado.sol#39-55) uses assembly
    - INLINE ASM (contracts/Avocado.sol#45-51)
Avocado.fallback() (contracts/Avocado.sol#64-116) uses assembly
    - INLINE ASM (contracts/Avocado.sol#66-115)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage

Version constraint >=0.8.18 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
    - VerbatimInvalidDeduplication
    - FullInlinerNonExpressionSplitArgumentEvaluationOrder
    - MissingSideEffectsOnSelectorAccess.
It is used by:
    - >=0.8.18 (contracts/Avocado.sol#2)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity

Low level call in Avocado.constructor() (contracts/Avocado.sol#39-55):
    - (None,deployData_) = msg.sender.staticcall(bytes(0x8c657389)) (contracts/Avocado.sol#41)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls

Function IAvocado._avoImpl() (contracts/Avocado.sol#7) is not in mixedCase
Function IAvocado._data() (contracts/Avocado.sol#9) is not in mixedCase
Function IAvocado._owner() (contracts/Avocado.sol#11) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions

Avocado.fallback() (contracts/Avocado.sol#64-116) uses literals with too many digits:
    - functionSelector__fallback_asm_0 == 0xb2bdfa7b00000000000000000000000000000000000000000000000000000000 (contracts/Avocado.sol#70-74)
Avocado.fallback() (contracts/Avocado.sol#64-116) uses literals with too many digits:
    - mstore(uint256,uint256)(0,data_ & 0x000000000000000000000000ffffffffffffffffffffffffffffffffffffffff) (contracts/Avocado.sol#72)
Avocado.fallback() (contracts/Avocado.sol#64-116) uses literals with too many digits:
    - functionSelector__fallback_asm_0 == 0x68beab3f00000000000000000000000000000000000000000000000000000000 (contracts/Avocado.sol#77-80)
Avocado.fallback() (contracts/Avocado.sol#64-116) uses literals with too many digits:
    - functionSelector__fallback_asm_0 == 0x874095c600000000000000000000000000000000000000000000000000000000 (contracts/Avocado.sol#88-91)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#too-many-digits

Avocado._avoImpl (contracts/Avocado.sol#34) should be immutable
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-immutable

. analyzed (2 contracts with 100 detectors), 13 result(s) found
{
"solc": {
"status": "ok",
"use_rc": 0,
"version": "0.8.18",
"strategy": "solc-select",
"solc_path": "/var/www/tripwire/.venv/bin/solc",
"install_rc": 0,
"use_stderr": null,
"use_stdout": "Switched global version to 0.8.18",
"install_stderr": null,
"install_stdout": "Version '0.8.18' is already installed, skipping..."
},
"solc_args": "--base-path /tmp/slither-fleytsy5 --allow-paths /tmp/slither-fleytsy5,/tmp/slither-fleytsy5/lib,/tmp/slither-fleytsy5/src",
"remappings": [],
"source_files": [
"contracts/Avocado.sol"
],
"contract_count": 0,
"contract_names": [],
"detector_count": 13,
"workspace_hash": "24fe516a9145e268cbd94d64df8115525f088e6af1b82794db514564712b8951",
"duration_seconds": 0.38285207748413086,
"solc_version_requested": "0.8.18"
}
Traceback (most recent call last):
File "/var/www/tripwire/worker/worker.py", line 198, in main
payload = dispatch_job(job_type, job_id, job_meta, run_data, config, laravel_client)
File "/var/www/tripwire/worker/worker.py", line 121, in dispatch_job
return report_consolidate.run(job_id, job_meta, run_data, config, log, laravel_client)
~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/www/tripwire/worker/jobs/report_consolidate.py", line 605, in run
raise RuntimeError("implementation_not_ready")
RuntimeError: implementation_not_ready
00000000: PUSH1 0x80
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH32 0x000000000000000000000000372e2d6f74efa2c5a4c72dac4a31da09e8505995
00000026: PUSH1 0x00
00000028: CALLDATALOAD
00000029: PUSH32 0x4d42058500000000000000000000000000000000000000000000000000000000
0000004a: DUP2
0000004b: ADD
0000004c: PUSH2 0x006f
0000004f: JUMPI
00000050: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
00000065: DUP3
00000066: AND
00000067: PUSH1 0x00
00000069: MSTORE
0000006a: PUSH1 0x20
0000006c: PUSH1 0x00
0000006e: RETURN
0000006f: JUMPDEST
00000070: PUSH32 0x68beab3f00000000000000000000000000000000000000000000000000000000
00000091: DUP2
00000092: SUB
00000093: PUSH2 0x00a0
00000096: JUMPI
00000097: DUP2
00000098: PUSH1 0x00
0000009a: MSTORE
0000009b: PUSH1 0x20
0000009d: PUSH1 0x00
0000009f: RETURN
000000a0: JUMPDEST
000000a1: PUSH20 0xffffffffffffffffffffffffffffffffffffffff
000000b6: PUSH1 0x00
000000b8: SLOAD
000000b9: AND
000000ba: PUSH32 0x874095c600000000000000000000000000000000000000000000000000000000
000000db: DUP3
000000dc: SUB
000000dd: PUSH2 0x00ea
000000e0: JUMPI
000000e1: DUP1
000000e2: PUSH1 0x00
000000e4: MSTORE
000000e5: PUSH1 0x20
000000e7: PUSH1 0x00
000000e9: RETURN
000000ea: JUMPDEST
000000eb: CALLDATASIZE
000000ec: PUSH1 0x00
000000ee: DUP1
000000ef: CALLDATACOPY
000000f0: PUSH1 0x00
000000f2: DUP1
000000f3: CALLDATASIZE
000000f4: PUSH1 0x00
000000f6: DUP5
000000f7: GAS
000000f8: DELEGATECALL
000000f9: SWAP2
000000fa: POP
000000fb: POP
000000fc: RETURNDATASIZE
000000fd: PUSH1 0x00
000000ff: DUP1
00000100: RETURNDATACOPY
00000101: DUP1
00000102: DUP1
00000103: ISZERO
00000104: PUSH2 0x010c
00000107: JUMPI
00000108: RETURNDATASIZE
00000109: PUSH1 0x00
0000010b: RETURN
0000010c: JUMPDEST
0000010d: RETURNDATASIZE
0000010e: PUSH1 0x00
00000110: REVERT
00000111: INVALID
00000112: LOG2
00000113: PUSH5 0x6970667358
00000119: UNKNOWN(0x22)
0000011a: SLT
0000011b: KECCAK256
0000011c: UNKNOWN(0xBF)
0000011d: OR
0000011e: XOR
0000011f: CALLVALUE
00000120: UNKNOWN(0xB0)
00000121: SWAP5
00000122: DUP15
00000123: UNKNOWN(0xBF)
00000124: REVERT
00000125: NOT
00000126: PUSH14 0x6a4208dbd5d0a71f76dfac9d9049
00000135: SWAP14
00000136: UNKNOWN(0xE3)
00000137: XOR
00000138: UNKNOWN(0xC5)
00000139: SWAP6
0000013a: PC
0000013b: UNKNOWN(0xFC)
0000013c: PUSH5 0x736f6c6343
00000142: STOP
00000143: ADDMOD
00000144: SLT
00000145: STOP
00000146: CALLER
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| critical | upgradeability | detector | Untrusted DELEGATECALL target reachable | 70 | no | no |
trace_id: 0xe3a8170df75419ccd71b289ebe77e229f04aa8b4740ae8508ef1efab467865f8
call_targets: 0xaa282c8ab681fbd501a2b8fa0ea558cbf5785f73
target_varies: no
classification: constant_target
validation_json
{
"sink": "DELEGATECALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0xe3a8170df75419ccd71b289ebe77e229f04aa8b4740ae8508ef1efab467865f8",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xaa282c8ab681fbd501a2b8fa0ea558cbf5785f73"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json
{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x",
"selector": "fallback",
"calldata_variants": [
"0x"
]
}
]
}
evidence_json
{
"examples": [
{
"pc": 248,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
}
],
"guards_detected": [],
"delegatecall_count": 1,
"untrusted_delegatecall_count": 1
}
|
| medium | upgradeability | cast | DELEGATECALL present | 80 | no | — |
evidence_json
{
"notes": "delegatecall enables execution in caller context; common in proxies/upgradeable patterns",
"delegatecall_count": 1
}
|
| medium | other | slither | Contract locking ether found: | 75 | no | — |
evidence_json
{
"impact": "Medium",
"detector": "locked-ether",
"elements": [
{
"name": "Avocado",
"type": "contract",
"source_mapping": {
"lines": [
20,
21,
22,
23,
24,
25,
26,
27,
28,
29,
30,
31,
32,
33,
34,
35,
36,
37,
38,
39,
40,
41,
42,
43,
44,
45,
46,
47,
48,
49,
50,
51,
52,
53,
54,
55,
56,
57,
58,
59,
60,
61,
62,
63,
64,
65,
66,
67,
68,
69,
70,
71,
72,
73,
74,
75,
76,
77,
78,
79,
80,
81,
82,
83,
84,
85,
86,
87,
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111,
112,
113,
114,
115,
116,
117
],
"start": 753,
"length": 4589,
"ending_column": 2,
"is_dependency": false,
"filename_short": "contracts/Avocado.sol",
"starting_column": 1,
"filename_absolute": "/tmp/slither-fleytsy5/contracts/Avocado.sol",
"filename_relative": "contracts/Avocado.sol"
}
},
{
"name": "fallback",
"type": "function",
"source_mapping": {
"lines": [
64,
65,
66,
67,
68,
69,
70,
71,
72,
73,
74,
75,
76,
77,
78,
79,
80,
81,
82,
83,
84,
85,
86,
87,
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111,
112,
113,
114,
115,
116
],
"start": 2813,
"length": 2527,
"ending_column": 6,
"is_dependency": false,
"filename_short": "contracts/Avocado.sol",
"starting_column": 5,
"filename_absolute": "/tmp/slither-fleytsy5/contracts/Avocado.sol",
"filename_relative": "contracts/Avocado.sol"
},
"type_specific_fields": {
"parent": {
"name": "Avocado",
"type": "contract",
"source_mapping": {
"lines": [
20,
21,
22,
23,
24,
25,
26,
27,
28,
29,
30,
31,
32,
33,
34,
35,
36,
37,
38,
39,
40,
41,
42,
43,
44,
45,
46,
47,
48,
49,
50,
51,
52,
53,
54,
55,
56,
57,
58,
59,
60,
61,
62,
63,
64,
65,
66,
67,
68,
69,
70,
71,
72,
73,
74,
75,
76,
77,
78,
79,
80,
81,
82,
83,
84,
85,
86,
87,
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111,
112,
113,
114,
115,
116,
117
],
"start": 753,
"length": 4589,
"ending_column": 2,
"is_dependency": false,
"filename_short": "contracts/Avocado.sol",
"starting_column": 1,
"filename_absolute": "/tmp/slither-fleytsy5/contracts/Avocado.sol",
"filename_relative": "contracts/Avocado.sol"
}
},
"signature": "fallback()"
}
}
],
"locations": [
{
"file": "contracts/Avocado.sol",
"name": "Avocado",
"type": "contract",
"lines": [
20,
21,
22,
23,
24,
25,
26,
27,
28,
29,
30,
31,
32,
33,
34,
35,
36,
37,
38,
39,
40,
41,
42,
43,
44,
45,
46,
47,
48,
49,
50,
51,
52,
53,
54,
55,
56,
57,
58,
59,
60,
61,
62,
63,
64,
65,
66,
67,
68,
69,
70,
71,
72,
73,
74,
75,
76,
77,
78,
79,
80,
81,
82,
83,
84,
85,
86,
87,
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111,
112,
113,
114,
115,
116,
117
]
},
{
"file": "contracts/Avocado.sol",
"name": "fallback",
"type": "function",
"lines": [
64,
65,
66,
67,
68,
69,
70,
71,
72,
73,
74,
75,
76,
77,
78,
79,
80,
81,
82,
83,
84,
85,
86,
87,
88,
89,
90,
91,
92,
93,
94,
95,
96,
97,
98,
99,
100,
101,
102,
103,
104,
105,
106,
107,
108,
109,
110,
111,
112,
113,
114,
115,
116
]
}
],
"description": "Contract locking ether found:\n\tContract Avocado (contracts/Avocado.sol#20-117) has payable functions:\n\t - Avocado.fallback() (contracts/Avocado.sol#64-116)\n\tBut does not have a function to withdraw the ether"
}
|
| info | upgradeability | cast | Likely proxy-like runtime | 60 | no | — |
evidence_json
{
"notes": "short runtime with SLOAD and DELEGATECALL resembles minimal proxy/upgradeable pattern",
"sload_count": 1,
"total_opcodes": 108,
"delegatecall_count": 1
}
|