18c1a5b2-8ef1-4134-8037-cd13756c5468
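Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing? Findings whose Validated column reads "no" and whose Confirmed column is not "yes" are heuristic detector flags, not demonstrated issues; check each finding's validation_json before treating its severity as established.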
| ID | Type | Status | Attempts | Heartbeat |
|---|---|---|---|---|
| 31233 | report.consolidate | complete | 1 / 1 | 3 months ago |
| 95209 | artifact.fetch | failed | 1 / 3 | 1 week ago |
| 95210 | tool.cast_disasm | complete | 1 / 3 | 1 week ago |
| 95211 | analysis.bundle | complete | 1 / 3 | 1 week ago |
| 95212 | capability.graph | complete | 1 / 3 | 1 week ago |
| 95213 | detector.run | complete | 1 / 3 | 1 week ago |
| 95214 | validation.fork | complete | 1 / 3 | 1 week ago |
No slither job recorded yet.
[codex:298405] OpenAI Codex v0.77.0 (research preview)
[codex:298405] --------
[codex:298405] workdir: /tmp/codex-multi-_k10h62d
[codex:298405] model: gpt-5.2-codex
[codex:298405] provider: openai
[codex:298405] approval: never
[codex:298405] sandbox: read-only
[codex:298405] reasoning effort: xhigh
[codex:298405] reasoning summaries: auto
[codex:298405] session id: 019b7d26-cfc1-7131-8ffe-8fda9fb84b0c
[codex:298405] --------
[codex:298405] user
[codex:298405] You are a profit-focused exploit hunter. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:298405]
[codex:298405] Read `AUDIT_BUNDLE.txt` completely before concluding. Treat `lib/` and `@openzeppelin/` as trusted unless misused.
[codex:298405]
[codex:298405] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:298405] - Gas inefficiency, code quality, naming, or best practices
[codex:298405] - Theoretical vulnerabilities without a clear extraction path
[codex:298405] - Centralization risks (admin can rug) - assume admin keys are secure
[codex:298405] - Front-running unless it enables theft beyond MEV
[codex:298405] - DoS, griefing, or issues that don't result in attacker profit
[codex:298405] - Missing events, view function issues, or informational findings
[codex:298405]
[codex:298405] HIGH-VALUE PATTERNS TO HUNT:
[codex:298405] - Reentrancy: external calls before state updates that allow double-withdrawal
[codex:298405] - Access control: missing/bypassable auth on withdraw, transfer, or mint functions
[codex:298405] - Flash loan attacks: borrow -> manipulate -> profit in single tx
[codex:298405] - Price oracle manipulation: TWAP with short window, spot price reads, stale prices
[codex:298405] - Signature replay: missing nonce, chainId, or deadline in permit/meta-tx
[codex:298405] - Proxy hijacking: unprotected initialize(), storage collision, UUPS without auth
[codex:298405] - Accounting errors: rounding that favors attacker, share inflation, first depositor attacks
[codex:298405] - Unchecked external calls: return value ignored on token transfers enabling fake tokens
[codex:298405] - Cross-function reentrancy: state read in function A, modified via reentrant call, used stale in A
[codex:298405]
[codex:298405] For each finding, you MUST provide:
[codex:298405] 1. Exact file and line numbers of vulnerable code
[codex:298405] 2. Step-by-step exploit transaction sequence
[codex:298405] 3. Estimated profit potential (order of magnitude: contract balance, LP reserves, etc.)
[codex:298405]
[codex:298405] If no concrete profit path exists: set no_findings=true. Do NOT pad with low-severity noise.
[codex:298405]
[codex:298405] Output MUST be valid JSON matching the provided schema.
[codex:298405] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:298405] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:298405] mcp startup: no servers
[codex:298405]
[codex:298405] thinking
[codex:298405] **Reviewing audit bundle instructions**
[codex:298405] exec
[codex:298405] /bin/bash -lc ls in /tmp/codex-multi-_k10h62d succeeded in 5ms:
[codex:298405] AUDIT_BUNDLE.txt
[codex:298405] codex-output-schema.json
[codex:298405] contracts
[codex:298405]
[codex:298405] thinking
[codex:298405] **Reading file content**
[codex:298405] exec
[codex:298405] /bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-multi-_k10h62d succeeded in 5ms:
[codex:298405] This file concatenates first-party Solidity sources only (lib/@openzeppelin excluded).
[codex:298405]
[codex:298405] ================================================================================
[codex:298405] FILE: contracts/Contract.sol
[codex:298405] ================================================================================
[codex:298405] pragma solidity 0.4.20;
[codex:298405]
[codex:298405] contract IAugur {
[codex:298405] function createChildUniverse(bytes32 _parentPayoutDistributionHash, uint256[] _parentPayoutNumerators, bool _parentInvalid) public returns (IUniverse);
[codex:298405] function isKnownUniverse(IUniverse _universe) public view returns (bool);
[codex:298405] function trustedTransfer(ERC20 _token, address _from, address _to, uint256 _amount) public returns (bool);
[codex:298405] function logMarketCreated(bytes32 _topic, string _description, string _extraInfo, IUniverse _universe, address _market, address _marketCreator, bytes32[] _outcomes, int256 _minPrice, int256 _maxPrice, IMarket.MarketType _marketType) public returns (bool);
[codex:298405] function logMarketCreated(bytes32 _topic, string _description, string _extraInfo, IUniverse _universe, address _market, address _marketCreator, int256 _minPrice, int256 _maxPrice, IMarket.MarketType _marketType) public returns (bool);
[codex:298405] function logInitialReportSubmitted(IUniverse _universe, address _reporter, address _market, uint256 _amountStaked, bool _isDesignatedReporter, uint256[] _payoutNumerators, bool _invalid) public returns (bool);
[codex:298405] function disputeCrowdsourcerCreated(IUniverse _universe, address _market, address _disputeCrowdsourcer, uint256[] _payoutNumerators, uint256 _size, bool _invalid) public returns (bool);
[codex:298405] function logDisputeCrowdsourcerContribution(IUniverse _universe, address _reporter, address _market, address _disputeCrowdsourcer, uint256 _amountStaked) public returns (bool);
[codex:298405] function logDisputeCrowdsourcerCompleted(IUniverse _universe, address _market, address _disputeCrowdsourcer) public returns (bool);
[codex:298405] function logInitialReporterRedeemed(IUniverse _universe, address _reporter, address _market, uint256 _amountRedeemed, uint256 _repReceived, uint256 _reportingFeesReceived, uint256[] _payoutNumerators) public returns (bool);
[codex:298405] function logDisputeCrowdsourcerRedeemed(IUniverse _universe, address _reporter, address _market, uint256 _amountRedeemed, uint256 _repReceived, uint256 _reportingFeesReceived, uint256[] _payoutNumerators) public returns (bool);
[codex:298405] function logFeeWindowRedeemed(IUniverse _universe, address _reporter, uint256 _amountRedeemed, uint256 _reportingFeesReceived) public returns (bool);
[codex:298405]
[codex:298405] thinking
[codex:298405] **Continuing file review**
[codex:298405] exec
[codex:298405] /bin/bash -lc "sed -n '200,400p' AUDIT_BUNDLE.txt" in /tmp/codex-multi-_k10h62d succeeded in 7ms:
[codex:298405] return c;
[codex:298405] }
[codex:298405]
[codex:298405] function sub(uint256 a, uint256 b) internal pure returns (uint256) {
[codex:298405] require(b <= a);
[codex:298405] return a - b;
[codex:298405] }
[codex:298405]
[codex:298405] function add(uint256 a, uint256 b) internal pure returns (uint256) {
[codex:298405] uint256 c = a + b;
[codex:298405] require(c >= a);
[codex:298405] return c;
[codex:298405] }
[codex:298405]
[codex:298405] function min(uint256 a, uint256 b) internal pure returns (uint256) {
[codex:298405] if (a <= b) {
[codex:298405] return a;
[codex:298405] } else {
[codex:298405] return b;
[codex:298405] }
[codex:298405]
[codex:298405] thinking
[codex:298405] **Checking if contract file continues**
[codex:298405] exec
[codex:298405] /bin/bash -lc 'tail -n 200 AUDIT_BUNDLE.txt' in /tmp/codex-multi-_k10h62d succeeded in 6ms:
[codex:298405] function withdrawEther(uint256 _amount) external returns(bool);
[codex:298405] function withdrawEtherTo(address _to, uint256 _amount) external returns(bool);
[codex:298405] function withdrawEtherToIfPossible(address _to, uint256 _amount) external returns (bool);
[codex:298405] }
[codex:298405]
[codex:298405] contract IOrders {
[codex:298405] function saveOrder(Order.Types _type, IMarket _market, uint256 _fxpAmount, uint256 _price, address _sender, uint256 _outcome, uint256 _moneyEscrowed, uint256 _sharesEscrowed, bytes32 _betterOrderId, bytes32 _worseOrderId, bytes32 _tradeGroupId) public returns (bytes32 _orderId);
[codex:298405] function removeOrder(bytes32 _orderId) public returns (bool);
[codex:298405] function getMarket(bytes32 _orderId) public view returns (IMarket);
[codex:298405] function getOrderType(bytes32 _orderId) public view returns (Order.Types);
[codex:298405] function getOutcome(bytes32 _orderId) public view returns (uint256);
[codex:298405] function getAmount(bytes32 _orderId) public view returns (uint256);
[codex:298405] function getPrice(bytes32 _orderId) public view returns (uint256);
[codex:298405] function getOrderCreator(bytes32 _orderId) public view returns (address);
[codex:298405] function getOrderSharesEscrowed(bytes32 _orderId) public view returns (uint256);
[codex:298405] function getOrderMoneyEscrowed(bytes32 _orderId) public view returns (uint256);
[codex:298405] function getBetterOrderId(bytes32 _orderId) public view returns (bytes32);
[codex:298405] function getWorseOrderId(bytes32 _orderId) public view returns (bytes32);
[codex:298405] function getBestOrderId(Order.Types _type, IMarket _market, uint256 _outcome) public view returns (bytes32);
[codex:298405] function getWorstOrderId(Order.Types _type, IMarket _market, uint256 _outcome) public view returns (bytes32);
[codex:298405]
[codex:298405] thinking
[codex:298405] **Confirming absence of exploitable paths**
[codex:298405] exec
[codex:298405] /bin/bash -lc 'wc -l AUDIT_BUNDLE.txt' in /tmp/codex-multi-_k10h62d succeeded in 5ms:
[codex:298405] 616 AUDIT_BUNDLE.txt
[codex:298405]
[codex:298405] thinking
[codex:298405] **Preparing final JSON report**
[codex:298405] codex
[codex:298405] {"no_findings":true,"summary":"Reviewed AUDIT_BUNDLE.txt (contracts/Contract.sol). Only interfaces/base classes and the Order library are present; no concrete, exploitable profit path found.","findings":[]}
[codex:298405] tokens used
[codex:298405] 19,253
[codex:298405] {"no_findings":true,"summary":"Reviewed AUDIT_BUNDLE.txt (contracts/Contract.sol). Only interfaces/base classes and the Order library are present; no concrete, exploitable profit path found.","findings":[]}
{
"codex": {
"ran_at": "2026-01-02T05:21:23.234518+00:00",
"returncode": 0
},
"summary": "Reviewed AUDIT_BUNDLE.txt (contracts/Contract.sol). Only interfaces/base classes and the Order library are present; no concrete, exploitable profit path found.",
"raw_final": {
"summary": "Reviewed AUDIT_BUNDLE.txt (contracts/Contract.sol). Only interfaces/base classes and the Order library are present; no concrete, exploitable profit path found.",
"findings": [],
"no_findings": true
},
"no_findings": true,
"schema_version": 1
}
00000000: PUSH1 0x60 00000002: PUSH1 0x40 00000004: MSTORE 00000005: PUSH1 0x04 00000007: CALLDATASIZE 00000008: LT 00000009: PUSH2 0x0056 0000000c: JUMPI 0000000d: PUSH4 0xffffffff 00000012: PUSH29 0x0100000000000000000000000000000000000000000000000000000000 00000030: PUSH1 0x00 00000032: CALLDATALOAD 00000033: DIV 00000034: AND 00000035: PUSH4 0x3018205f 0000003a: DUP2 0000003b: EQ 0000003c: PUSH2 0x0140 0000003f: JUMPI 00000040: DUP1 00000041: PUSH4 0x92eefe9b 00000046: EQ 00000047: PUSH2 0x017c 0000004a: JUMPI 0000004b: DUP1 0000004c: PUSH4 0xbef72fa2 00000051: EQ 00000052: PUSH2 0x01bc 00000055: JUMPI 00000056: JUMPDEST 00000057: PUSH1 0x01 00000059: SLOAD 0000005a: PUSH1 0x00 0000005c: SWAP1 0000005d: ISZERO 0000005e: ISZERO 0000005f: PUSH2 0x0067 00000062: JUMPI 00000063: PUSH2 0x013d 00000066: JUMP 00000067: JUMPDEST 00000068: PUSH1 0x00 0000006a: DUP1 0000006b: SLOAD 0000006c: PUSH1 0x01 0000006e: SLOAD 0000006f: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000084: SWAP1 00000085: SWAP2 00000086: AND 00000087: SWAP2 00000088: PUSH4 0xf39ec1f7 0000008d: SWAP2 0000008e: SWAP1 0000008f: PUSH1 0x40 00000091: MLOAD 00000092: PUSH1 0x20 00000094: ADD 00000095: MSTORE 00000096: PUSH1 0x40 00000098: MLOAD 00000099: PUSH29 0x0100000000000000000000000000000000000000000000000000000000 000000b7: PUSH4 0xffffffff 000000bc: DUP5 000000bd: AND 000000be: MUL 000000bf: DUP2 000000c0: MSTORE 000000c1: PUSH1 0x04 000000c3: DUP2 000000c4: ADD 000000c5: SWAP2 000000c6: SWAP1 000000c7: SWAP2 000000c8: MSTORE 000000c9: PUSH1 0x24 000000cb: ADD 000000cc: PUSH1 0x20 000000ce: PUSH1 0x40 000000d0: MLOAD 000000d1: DUP1 000000d2: DUP4 000000d3: SUB 000000d4: DUP2 000000d5: PUSH1 0x00 000000d7: DUP8 000000d8: DUP1 000000d9: EXTCODESIZE 000000da: ISZERO 000000db: ISZERO 000000dc: PUSH2 0x00e4 000000df: JUMPI 000000e0: PUSH1 0x00 000000e2: DUP1 000000e3: REVERT 000000e4: JUMPDEST 000000e5: PUSH2 0x02c6 000000e8: GAS 000000e9: SUB 000000ea: CALL 000000eb: ISZERO 000000ec: ISZERO 
000000ed: PUSH2 0x00f5 000000f0: JUMPI 000000f1: PUSH1 0x00 000000f3: DUP1 000000f4: REVERT 000000f5: JUMPDEST 000000f6: POP 000000f7: POP 000000f8: POP 000000f9: PUSH1 0x40 000000fb: MLOAD 000000fc: DUP1 000000fd: MLOAD 000000fe: SWAP1 000000ff: POP 00000100: SWAP1 00000101: POP 00000102: PUSH1 0x40 00000104: MLOAD 00000105: PUSH1 0x1f 00000107: NOT 00000108: PUSH1 0x1f 0000010a: CALLDATASIZE 0000010b: ADD 0000010c: AND 0000010d: DUP1 0000010e: DUP3 0000010f: ADD 00000110: PUSH1 0x40 00000112: MSTORE 00000113: CALLDATASIZE 00000114: PUSH1 0x00 00000116: DUP4 00000117: CALLDATACOPY 00000118: PUSH1 0x00 0000011a: DUP1 0000011b: CALLDATASIZE 0000011c: DUP5 0000011d: DUP7 0000011e: GAS 0000011f: DELEGATECALL 00000120: DUP1 00000121: DUP1 00000122: ISZERO 00000123: PUSH2 0x0138 00000126: JUMPI 00000127: PUSH1 0x40 00000129: MLOAD 0000012a: RETURNDATASIZE 0000012b: DUP2 0000012c: ADD 0000012d: PUSH1 0x40 0000012f: MSTORE 00000130: RETURNDATASIZE 00000131: PUSH1 0x00 00000133: DUP3 00000134: RETURNDATACOPY 00000135: RETURNDATASIZE 00000136: DUP2 00000137: RETURN 00000138: JUMPDEST 00000139: PUSH1 0x00 0000013b: DUP1 0000013c: REVERT 0000013d: JUMPDEST 0000013e: POP 0000013f: STOP 00000140: JUMPDEST 00000141: CALLVALUE 00000142: ISZERO 00000143: PUSH2 0x014b 00000146: JUMPI 00000147: PUSH1 0x00 00000149: DUP1 0000014a: REVERT 0000014b: JUMPDEST 0000014c: PUSH2 0x0153 0000014f: PUSH2 0x01e1 00000152: JUMP 00000153: JUMPDEST 00000154: PUSH1 0x40 00000156: MLOAD 00000157: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 0000016c: SWAP1 0000016d: SWAP2 0000016e: AND 0000016f: DUP2 00000170: MSTORE 00000171: PUSH1 0x20 00000173: ADD 00000174: PUSH1 0x40 00000176: MLOAD 00000177: DUP1 00000178: SWAP2 00000179: SUB 0000017a: SWAP1 0000017b: RETURN 0000017c: JUMPDEST 0000017d: CALLVALUE 0000017e: ISZERO 0000017f: PUSH2 0x0187 00000182: JUMPI 00000183: PUSH1 0x00 00000185: DUP1 00000186: REVERT 00000187: JUMPDEST 00000188: PUSH2 0x01a8 0000018b: PUSH20 
0xffffffffffffffffffffffffffffffffffffffff 000001a0: PUSH1 0x04 000001a2: CALLDATALOAD 000001a3: AND 000001a4: PUSH2 0x01fd 000001a7: JUMP 000001a8: JUMPDEST 000001a9: PUSH1 0x40 000001ab: MLOAD 000001ac: SWAP1 000001ad: ISZERO 000001ae: ISZERO 000001af: DUP2 000001b0: MSTORE 000001b1: PUSH1 0x20 000001b3: ADD 000001b4: PUSH1 0x40 000001b6: MLOAD 000001b7: DUP1 000001b8: SWAP2 000001b9: SUB 000001ba: SWAP1 000001bb: RETURN 000001bc: JUMPDEST 000001bd: CALLVALUE 000001be: ISZERO 000001bf: PUSH2 0x01c7 000001c2: JUMPI 000001c3: PUSH1 0x00 000001c5: DUP1 000001c6: REVERT 000001c7: JUMPDEST 000001c8: PUSH2 0x01cf 000001cb: PUSH2 0x0265 000001ce: JUMP 000001cf: JUMPDEST 000001d0: PUSH1 0x40 000001d2: MLOAD 000001d3: SWAP1 000001d4: DUP2 000001d5: MSTORE 000001d6: PUSH1 0x20 000001d8: ADD 000001d9: PUSH1 0x40 000001db: MLOAD 000001dc: DUP1 000001dd: SWAP2 000001de: SUB 000001df: SWAP1 000001e0: RETURN 000001e1: JUMPDEST 000001e2: PUSH1 0x00 000001e4: SLOAD 000001e5: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 000001fa: AND 000001fb: SWAP1 000001fc: JUMP 000001fd: JUMPDEST 000001fe: PUSH1 0x00 00000200: DUP1 00000201: SLOAD 00000202: CALLER 00000203: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000218: SWAP1 00000219: DUP2 0000021a: AND 0000021b: SWAP2 0000021c: AND 0000021d: EQ 0000021e: PUSH2 0x0226 00000221: JUMPI 00000222: PUSH1 0x00 00000224: DUP1 00000225: REVERT 00000226: JUMPDEST 00000227: POP 00000228: PUSH1 0x00 0000022a: DUP1 0000022b: SLOAD 0000022c: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000241: DUP4 00000242: AND 00000243: PUSH20 0xffffffffffffffffffffffffffffffffffffffff 00000258: NOT 00000259: SWAP1 0000025a: SWAP2 0000025b: AND 0000025c: OR 0000025d: SWAP1 0000025e: SSTORE 0000025f: PUSH1 0x01 00000261: SWAP2 00000262: SWAP1 00000263: POP 00000264: JUMP 00000265: JUMPDEST 00000266: PUSH1 0x01 00000268: SLOAD 00000269: DUP2 0000026a: JUMP 0000026b: STOP 0000026c: LOG1 0000026d: PUSH6 0x627a7a723058 00000274: KECCAK256 00000275: 
DUP5 00000276: PUSH26 0x6531768a1d75b70a76b8cd7c7db53c078e5abbed437bd74b1419 00000291: BALANCE 00000292: PUSH15
| Severity | Category | Tool | Title | Confidence | Validated | Confirmed | Details |
|---|---|---|---|---|---|---|---|
| critical | upgradeability | detector | Untrusted DELEGATECALL target reachable | 70 | no | no |
trace_id: 0xf7bc6c6531562c685570de0b58ba0d32fd686eca3810a837c967a459497ec937
validation_json{
"sink": "DELEGATECALL",
"errors": 0,
"status": "unknown",
"attempts": 36,
"trace_id": "0xf7bc6c6531562c685570de0b58ba0d32fd686eca3810a837c967a459497ec937",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": null,
"matched_probe": null,
"target_varies": null,
"classification": "no_sink"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x3018205f",
"selector": "0x3018205f",
"calldata_variants": [
"0x3018205f",
"0x3018205f0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x92eefe9b",
"selector": "0x92eefe9b",
"calldata_variants": [
"0x92eefe9b",
"0x92eefe9b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xbef72fa2",
"selector": "0xbef72fa2",
"calldata_variants": [
"0xbef72fa2",
"0xbef72fa20000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 287,
"opcode": "DELEGATECALL",
"returndata_checked": null,
"value_expression_category": "n/a",
"target_expression_category": "computed"
}
],
"guards_detected": [],
"delegatecall_count": 1,
"untrusted_delegatecall_count": 1
}
|
| high | other | detector | Untrusted CALL target/value reachable | 60 | no | no |
trace_id: 0x6b0806a33af6188432063e57f4094db7161d99f94695a9fdc6c48132d745878e
call_targets:
0xd5524179cb7ae012f5b642c1d6d700bbaa76b96b
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x6b0806a33af6188432063e57f4094db7161d99f94695a9fdc6c48132d745878e",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xd5524179cb7ae012f5b642c1d6d700bbaa76b96b"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x3018205f",
"selector": "0x3018205f",
"calldata_variants": [
"0x3018205f",
"0x3018205f0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x92eefe9b",
"selector": "0x92eefe9b",
"calldata_variants": [
"0x92eefe9b",
"0x92eefe9b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xbef72fa2",
"selector": "0xbef72fa2",
"calldata_variants": [
"0xbef72fa2",
"0xbef72fa20000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 234,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"call_count": 1,
"guards_detected": [],
"untrusted_call_count": 1
}
|
| high | other | detector | ETH value transfer possible | 55 | no | no |
trace_id: 0x6b0806a33af6188432063e57f4094db7161d99f94695a9fdc6c48132d745878e
call_targets:
0xd5524179cb7ae012f5b642c1d6d700bbaa76b96b
target_varies:
no
classification:
constant_target
validation_json{
"sink": "CALL",
"errors": 0,
"status": "sink_reached",
"attempts": 1,
"trace_id": "0x6b0806a33af6188432063e57f4094db7161d99f94695a9fdc6c48132d745878e",
"confirmed": false,
"trace_mode": "callTracer",
"call_targets": [
"0xd5524179cb7ae012f5b642c1d6d700bbaa76b96b"
],
"matched_probe": null,
"target_varies": false,
"classification": "constant_target"
}
witness_json{
"notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
"constraints": [],
"entrypoints": [
{
"calldata": "0x3018205f",
"selector": "0x3018205f",
"calldata_variants": [
"0x3018205f",
"0x3018205f0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0x92eefe9b",
"selector": "0x92eefe9b",
"calldata_variants": [
"0x92eefe9b",
"0x92eefe9b0000000000000000000000000000000000000000000000000000000000000000"
]
},
{
"calldata": "0xbef72fa2",
"selector": "0xbef72fa2",
"calldata_variants": [
"0xbef72fa2",
"0xbef72fa20000000000000000000000000000000000000000000000000000000000000000"
]
}
]
}
evidence_json{
"examples": [
{
"pc": 234,
"opcode": "CALL",
"returndata_checked": null,
"value_expression_category": "computed",
"target_expression_category": "computed"
}
],
"eth_value_calls": 1,
"guards_detected": []
}
|
| medium | upgradeability | cast | DELEGATECALL present | 80 | no | — |
evidence_json{
"notes": "delegatecall executes the target's code in the caller's context (the caller's storage and balance, with msg.sender preserved); common in proxies/upgradeable patterns",
"delegatecall_count": 1
}
|