TW
Tripwire
Find contracts. Test them. Review real vulns.

Analysis Run

31eddb4f-75ee-4700-86cf-d444b1d142b3

failed
Chain ID
1
Address
0x755cdba6ae4f479f7164792b318b2a06c759833b
Block Number
Created
Thu, Jan 1, 2026 3:45 PM
Review Summary

What survived the funnel

Open this run to answer one question: is this real attacker-relevant behavior with real impact, or just normal contract plumbing?

back to vulns open contract
Confirmed
0
Validated
0
Source
Verified
Review Backing
Not yet
Best current signal
Untrusted CALL target/value reachable
crit 0 high 0 direct contract
Review Checklist
1. Read the findings table first. Ignore raw jobs until the result looks real.
2. Confirm attacker control, not just the existence of a sink.
3. Confirm money or privilege impact.
4. Keep it if the behavior is real. Kill it if this is normal proxy, admin, or upgrade plumbing.

Processing Jobs

Status & attempts
ID Type Status Attempts Heartbeat
31069 report.consolidate complete 1 / 1 3 months ago
76228 artifact.fetch failed 1 / 3 2 weeks ago
76229 tool.cast_disasm complete 1 / 3 2 weeks ago
76230 analysis.bundle complete 1 / 3 2 weeks ago
76231 capability.graph complete 1 / 3 2 weeks ago
76232 detector.run complete 1 / 3 2 weeks ago
76233 validation.fork complete 1 / 3 2 weeks ago

Artifact

Runtime bytecode: available
Creation TX:
Deployer:
Proxy: no
Implementation:
Verified Source: yes

Slither

tool.slither

No slither job recorded yet.

Codex

report.consolidate
Job Status
complete
Attempts
1 / 1
Findings
0
No findings?
yes
Summary
No concrete, exploitable profit path found in the provided sources.
View stderr 
[codex:9401] OpenAI Codex v0.77.0 (research preview)
[codex:9401] --------
[codex:9401] workdir: /tmp/codex-multi-pmqvp5xy
[codex:9401] model: gpt-5.2-codex
[codex:9401] provider: openai
[codex:9401] approval: never
[codex:9401] sandbox: read-only
[codex:9401] reasoning effort: xhigh
[codex:9401] reasoning summaries: auto
[codex:9401] session id: 019b7a3c-3cfe-7ea1-b727-267371a2aab1
[codex:9401] --------
[codex:9401] user
[codex:9401] You are a profit-focused exploit hunter. Your ONLY goal is finding ways to extract value (ETH, tokens, NFTs) from this contract.
[codex:9401] 
[codex:9401] Read `AUDIT_BUNDLE.txt` completely before concluding. Treat `lib/` and `@openzeppelin/` as trusted unless misused.
[codex:9401] 
[codex:9401] ONLY REPORT if you find a CONCRETE, EXPLOITABLE path to profit. We do NOT care about:
[codex:9401] - Gas inefficiency, code quality, naming, or best practices
[codex:9401] - Theoretical vulnerabilities without a clear extraction path
[codex:9401] - Centralization risks (admin can rug) - assume admin keys are secure
[codex:9401] - Front-running unless it enables theft beyond MEV
[codex:9401] - DoS, griefing, or issues that don't result in attacker profit
[codex:9401] - Missing events, view function issues, or informational findings
[codex:9401] 
[codex:9401] HIGH-VALUE PATTERNS TO HUNT:
[codex:9401] - Reentrancy: external calls before state updates that allow double-withdrawal
[codex:9401] - Access control: missing/bypassable auth on withdraw, transfer, or mint functions
[codex:9401] - Flash loan attacks: borrow -> manipulate -> profit in single tx
[codex:9401] - Price oracle manipulation: TWAP with short window, spot price reads, stale prices
[codex:9401] - Signature replay: missing nonce, chainId, or deadline in permit/meta-tx
[codex:9401] - Proxy hijacking: unprotected initialize(), storage collision, UUPS without auth
[codex:9401] - Accounting errors: rounding that favors attacker, share inflation, first depositor attacks
[codex:9401] - Unchecked external calls: return value ignored on token transfers enabling fake tokens
[codex:9401] - Cross-function reentrancy: state read in function A, modified via reentrant call, used stale in A
[codex:9401] 
[codex:9401] For each finding, you MUST provide:
[codex:9401] 1. Exact file and line numbers of vulnerable code
[codex:9401] 2. Step-by-step exploit transaction sequence
[codex:9401] 3. Estimated profit potential (order of magnitude: contract balance, LP reserves, etc.)
[codex:9401] 
[codex:9401] If no concrete profit path exists: set no_findings=true. Do NOT pad with low-severity noise.
[codex:9401] 
[codex:9401] Output MUST be valid JSON matching the provided schema.
[codex:9401] - severity: info, low, medium, high, critical (use high/critical ONLY for clear extraction paths)
[codex:9401] - category: access_control, reentrancy, math, oracle, upgradeability, auth, other
[codex:9401] mcp startup: no servers
[codex:9401] 
[codex:9401] thinking
[codex:9401] **Preparing to examine AGENTS and AUDIT_BUNDLE.txt**
[codex:9401] exec
[codex:9401] /bin/bash -lc ls in /tmp/codex-multi-pmqvp5xy succeeded in 5ms:
[codex:9401] AUDIT_BUNDLE.txt
[codex:9401] codex-output-schema.json
[codex:9401] contracts
[codex:9401] exec
[codex:9401] /bin/bash -lc 'cat AUDIT_BUNDLE.txt' in /tmp/codex-multi-pmqvp5xy succeeded in 5ms:
[codex:9401] This file concatenates first-party Solidity sources only (lib/@openzeppelin excluded).
[codex:9401] 
[codex:9401] ================================================================================
[codex:9401] FILE: contracts/Contract.sol
[codex:9401] ================================================================================
[codex:9401] // Refund contract for extraBalance
[codex:9401] // Amounts to be paid are tokenized in another contract and allow using the same refund contract as for theDAO
[codex:9401] // Though it may be misleading, the names 'DAO', 'mainDAO' are kept here for the ease of code review
[codex:9401] 
[codex:9401] contract DAO {
[codex:9401]     function balanceOf(address addr) returns (uint);
[codex:9401]     function transferFrom(address from, address to, uint balance) returns (bool);
[codex:9401]     uint public totalSupply;
[codex:9401] }
[codex:9401] 
[codex:9401] contract WithdrawDAO {
[codex:9401]     DAO constant public mainDAO = DAO(0x5c40ef6f527f4fba68368774e6130ce6515123f2);
[codex:9401]     address constant public trustee = 0xda4a4626d3e16e094de3225a751aab7128e96526;
[codex:9401] 
[codex:9401]     function withdraw(){
[codex:9401] 
[codex:9401] thinking
[codex:9401] **Evaluating potential DAO exploit**
[codex:9401] codex
[codex:9401] {"no_findings":true,"summary":"No concrete, exploitable profit path found in the provided sources.","findings":[]}
[codex:9401] tokens used
[codex:9401] 2,602
[codex:9401] {"no_findings":true,"summary":"No concrete, exploitable profit path found in the provided sources.","findings":[]}
Metadata 
{
    "codex": {
        "ran_at": "2026-01-01T15:45:43.918367+00:00",
        "returncode": 0
    },
    "summary": "No concrete, exploitable profit path found in the provided sources.",
    "raw_final": {
        "summary": "No concrete, exploitable profit path found in the provided sources.",
        "findings": [],
        "no_findings": true
    },
    "no_findings": true,
    "schema_version": 1
}

Opcode Heuristics

tool.cast_disasm
Delegatecall
0
Selfdestruct
0
CREATE2
0
CALL-family (heavy)
4
EXT*/BALANCE
1
Total opcodes
288
Flags
No heuristic flags raised.
View cast disassembly output 
00000000: PUSH1 0x60
00000002: PUSH1 0x40
00000004: MSTORE
00000005: PUSH1 0xe0
00000007: PUSH1 0x02
00000009: EXP
0000000a: PUSH1 0x00
0000000c: CALLDATALOAD
0000000d: DIV
0000000e: PUSH4 0x2526d960
00000013: DUP2
00000014: EQ
00000015: PUSH2 0x003c
00000018: JUMPI
00000019: DUP1
0000001a: PUSH4 0x3ccfd60b
0000001f: EQ
00000020: PUSH2 0x0068
00000023: JUMPI
00000024: DUP1
00000025: PUSH4 0xeedcf50a
0000002a: EQ
0000002b: PUSH2 0x018f
0000002e: JUMPI
0000002f: DUP1
00000030: PUSH4 0xfdf97cb2
00000035: EQ
00000036: PUSH2 0x01aa
00000039: JUMPI
0000003a: JUMPDEST
0000003b: STOP
0000003c: JUMPDEST
0000003d: PUSH2 0x003a
00000040: CALLER
00000041: PUSH1 0x01
00000043: PUSH1 0xa0
00000045: PUSH1 0x02
00000047: EXP
00000048: SUB
00000049: AND
0000004a: PUSH20 0xda4a4626d3e16e094de3225a751aab7128e96526
0000005f: EQ
00000060: PUSH2 0x01e4
00000063: JUMPI
00000064: PUSH2 0x0002
00000067: JUMP
00000068: JUMPDEST
00000069: PUSH2 0x003a
0000006c: PUSH1 0x00
0000006e: PUSH20 0x5c40ef6f527f4fba68368774e6130ce6515123f2
00000083: PUSH1 0x01
00000085: PUSH1 0xa0
00000087: PUSH1 0x02
00000089: EXP
0000008a: SUB
0000008b: AND
0000008c: PUSH4 0x70a08231
00000091: CALLER
00000092: PUSH1 0x40
00000094: MLOAD
00000095: DUP3
00000096: PUSH1 0xe0
00000098: PUSH1 0x02
0000009a: EXP
0000009b: MUL
0000009c: DUP2
0000009d: MSTORE
0000009e: PUSH1 0x04
000000a0: ADD
000000a1: DUP1
000000a2: DUP3
000000a3: PUSH1 0x01
000000a5: PUSH1 0xa0
000000a7: PUSH1 0x02
000000a9: EXP
000000aa: SUB
000000ab: AND
000000ac: DUP2
000000ad: MSTORE
000000ae: PUSH1 0x20
000000b0: ADD
000000b1: SWAP2
000000b2: POP
000000b3: POP
000000b4: PUSH1 0x20
000000b6: PUSH1 0x40
000000b8: MLOAD
000000b9: DUP1
000000ba: DUP4
000000bb: SUB
000000bc: DUP2
000000bd: PUSH1 0x00
000000bf: DUP8
000000c0: PUSH2 0x61da
000000c3: GAS
000000c4: SUB
000000c5: CALL
000000c6: ISZERO
000000c7: PUSH2 0x0002
000000ca: JUMPI
000000cb: POP
000000cc: POP
000000cd: PUSH1 0x40
000000cf: DUP1
000000d0: MLOAD
000000d1: DUP1
000000d2: MLOAD
000000d3: PUSH32 0x23b872dd00000000000000000000000000000000000000000000000000000000
000000f4: DUP3
000000f5: MSTORE
000000f6: CALLER
000000f7: PUSH1 0x01
000000f9: PUSH1 0xa0
000000fb: PUSH1 0x02
000000fd: EXP
000000fe: SUB
000000ff: SWAP1
00000100: DUP2
00000101: AND
00000102: PUSH1 0x04
00000104: DUP5
00000105: ADD
00000106: MSTORE
00000107: ADDRESS
00000108: AND
00000109: PUSH1 0x24
0000010b: DUP4
0000010c: ADD
0000010d: MSTORE
0000010e: PUSH1 0x44
00000110: DUP3
00000111: ADD
00000112: DUP2
00000113: SWAP1
00000114: MSTORE
00000115: SWAP2
00000116: MLOAD
00000117: SWAP2
00000118: SWAP4
00000119: POP
0000011a: PUSH20 0x5c40ef6f527f4fba68368774e6130ce6515123f2
0000012f: SWAP3
00000130: POP
00000131: PUSH4 0x23b872dd
00000136: SWAP2
00000137: PUSH1 0x64
00000139: DUP3
0000013a: DUP2
0000013b: ADD
0000013c: SWAP3
0000013d: PUSH1 0x20
0000013f: SWAP3
00000140: SWAP2
00000141: SWAP1
00000142: DUP3
00000143: SWAP1
00000144: SUB
00000145: ADD
00000146: DUP2
00000147: PUSH1 0x00
00000149: DUP8
0000014a: PUSH2 0x61da
0000014d: GAS
0000014e: SUB
0000014f: CALL
00000150: ISZERO
00000151: PUSH2 0x0002
00000154: JUMPI
00000155: POP
00000156: POP
00000157: PUSH1 0x40
00000159: MLOAD
0000015a: MLOAD
0000015b: ISZERO
0000015c: SWAP1
0000015d: POP
0000015e: DUP1
0000015f: PUSH2 0x0185
00000162: JUMPI
00000163: POP
00000164: PUSH1 0x40
00000166: MLOAD
00000167: CALLER
00000168: PUSH1 0x01
0000016a: PUSH1 0xa0
0000016c: PUSH1 0x02
0000016e: EXP
0000016f: SUB
00000170: AND
00000171: SWAP1
00000172: PUSH1 0x00
00000174: SWAP1
00000175: DUP4
00000176: SWAP1
00000177: DUP3
00000178: DUP2
00000179: DUP2
0000017a: DUP2
0000017b: DUP6
0000017c: DUP9
0000017d: DUP4
0000017e: CALL
0000017f: SWAP4
00000180: POP
00000181: POP
00000182: POP
00000183: POP
00000184: ISZERO
00000185: JUMPDEST
00000186: ISZERO
00000187: PUSH2 0x0224
0000018a: JUMPI
0000018b: PUSH2 0x0002
0000018e: JUMP
0000018f: JUMPDEST
00000190: PUSH2 0x01c5
00000193: PUSH20 0x5c40ef6f527f4fba68368774e6130ce6515123f2
000001a8: DUP2
000001a9: JUMP
000001aa: JUMPDEST
000001ab: PUSH2 0x01c5
000001ae: PUSH20 0xda4a4626d3e16e094de3225a751aab7128e96526
000001c3: DUP2
000001c4: JUMP
000001c5: JUMPDEST
000001c6: PUSH1 0x40
000001c8: DUP1
000001c9: MLOAD
000001ca: PUSH1 0x01
000001cc: PUSH1 0xa0
000001ce: PUSH1 0x02
000001d0: EXP
000001d1: SUB
000001d2: SWAP3
000001d3: SWAP1
000001d4: SWAP3
000001d5: AND
000001d6: DUP3
000001d7: MSTORE
000001d8: MLOAD
000001d9: SWAP1
000001da: DUP2
000001db: SWAP1
000001dc: SUB
000001dd: PUSH1 0x20
000001df: ADD
000001e0: SWAP1
000001e1: RETURN
000001e2: JUMPDEST
000001e3: JUMP
000001e4: JUMPDEST
000001e5: PUSH1 0x40
000001e7: MLOAD
000001e8: PUSH20 0xda4a4626d3e16e094de3225a751aab7128e96526
000001fd: SWAP1
000001fe: PUSH1 0x00
00000200: SWAP1
00000201: ADDRESS
00000202: PUSH1 0x01
00000204: PUSH1 0xa0
00000206: PUSH1 0x02
00000208: EXP
00000209: SUB
0000020a: AND
0000020b: BALANCE
0000020c: SWAP1
0000020d: DUP3
0000020e: DUP2
0000020f: DUP2
00000210: DUP2
00000211: DUP6
00000212: DUP9
00000213: DUP4
00000214: CALL
00000215: SWAP4
00000216: POP
00000217: POP
00000218: POP
00000219: POP
0000021a: ISZERO
0000021b: ISZERO
0000021c: PUSH2 0x01e2
0000021f: JUMPI
00000220: PUSH2 0x0002
00000223: JUMP
00000224: JUMPDEST
00000225: POP
00000226: JUMP

Findings

validated = confirmed for call sinks; sink observed for others
Severity Category Tool Title Confidence Validated Confirmed Details
high other detector Untrusted CALL target/value reachable 60 no no
view
trace_id: 0xa1837b7f7640db573b5ee833b711cc1d6f6dd7c41d90c182d95f66040d52a51a
call_targets: 0x755cdba6ae4f479f7164792b318b2a06c759833b
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xa1837b7f7640db573b5ee833b711cc1d6f6dd7c41d90c182d95f66040d52a51a",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x755cdba6ae4f479f7164792b318b2a06c759833b"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x2526d960",
            "selector": "0x2526d960",
            "calldata_variants": [
                "0x2526d960",
                "0x2526d9600000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x3ccfd60b",
            "selector": "0x3ccfd60b",
            "calldata_variants": [
                "0x3ccfd60b",
                "0x3ccfd60b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xeedcf50a",
            "selector": "0xeedcf50a",
            "calldata_variants": [
                "0xeedcf50a",
                "0xeedcf50a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xfdf97cb2",
            "selector": "0xfdf97cb2",
            "calldata_variants": [
                "0xfdf97cb2",
                "0xfdf97cb20000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 197,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 335,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 382,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "call_count": 4,
    "guards_detected": [],
    "untrusted_call_count": 4
}
high other detector ETH value transfer possible 55 no no
view
trace_id: 0xa1837b7f7640db573b5ee833b711cc1d6f6dd7c41d90c182d95f66040d52a51a
call_targets: 0x755cdba6ae4f479f7164792b318b2a06c759833b
target_varies: no
classification: constant_target
validation_json 
{
    "sink": "CALL",
    "errors": 0,
    "status": "sink_reached",
    "attempts": 1,
    "trace_id": "0xa1837b7f7640db573b5ee833b711cc1d6f6dd7c41d90c182d95f66040d52a51a",
    "confirmed": false,
    "trace_mode": "callTracer",
    "call_targets": [
        "0x755cdba6ae4f479f7164792b318b2a06c759833b"
    ],
    "matched_probe": null,
    "target_varies": false,
    "classification": "constant_target"
}
witness_json 
{
    "notes": "heuristic witness; entrypoints are best-effort selectors with zeroed calldata",
    "constraints": [],
    "entrypoints": [
        {
            "calldata": "0x2526d960",
            "selector": "0x2526d960",
            "calldata_variants": [
                "0x2526d960",
                "0x2526d9600000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0x3ccfd60b",
            "selector": "0x3ccfd60b",
            "calldata_variants": [
                "0x3ccfd60b",
                "0x3ccfd60b0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xeedcf50a",
            "selector": "0xeedcf50a",
            "calldata_variants": [
                "0xeedcf50a",
                "0xeedcf50a0000000000000000000000000000000000000000000000000000000000000000"
            ]
        },
        {
            "calldata": "0xfdf97cb2",
            "selector": "0xfdf97cb2",
            "calldata_variants": [
                "0xfdf97cb2",
                "0xfdf97cb20000000000000000000000000000000000000000000000000000000000000000"
            ]
        }
    ]
}
evidence_json 
{
    "examples": [
        {
            "pc": 197,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 335,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        },
        {
            "pc": 382,
            "opcode": "CALL",
            "returndata_checked": null,
            "value_expression_category": "computed",
            "target_expression_category": "computed"
        }
    ],
    "eth_value_calls": 4,
    "guards_detected": []
}