IMM-T-2026-0145

PROBATION Advisory

Flagged by 1 independent publisher declaring the same primary matcher. Advisory until 3 distinct publishers corroborate.

Matcher 0xb802d925b895ae0242ab77cb76f269cfea6c3bc12779bd3e4ef0b509e391ccff
Type
CALL_PATTERN
Verdict
MALICIOUS
Confidence
81.0%
Severity
77
Value at risk
$0.00
Published by 0x502b7574..efc08d View on explorer
Created June 14, 2026 7:47 AM
Envelope v1
Signed payload
Primary matcher call_pattern
0xfeedfeedfeedfeedfeedfeedfeedfeedfeedfeed 0xa22cb465
Scope
base-sepolia home
Corroboration 1 of 3 to hard-block
Same matcher hash

No other publisher has independently declared this matcher yet. This antibody stands alone — advisory until 3 distinct publishers corroborate.

Evidence redacted public excerpt
Reasoning excerpt
setApprovalForAll(operator, true) call granting whole-collection NFT spend rights to a known drainer-family operator wallet. Once granted the operator can sweep every token in the collection within the approval window. MALICIOUS: there is no legitimate flow that requires unrestricted whole-collection withdraw rights to an opaque operator.

Full evidence (TEE-sealed) is fetchable by holders of the unsealing key. Public mirror carries hash only.

TEE attestation
Curated by human
Heuristically published from a known threat catalog, not derived from a TEE-verified verdict.
Evidence on Lighthouse
QmRChkW2WpJGK9QGx84DgRxEUq7PvCDYxbipZoiydWjWsD
Public CIDv0 on Lighthouse IPFS — resolves the signed envelope.
Network impact Live
Since publish
Cache hits
4
SDK check() matches
Agents synced
2
distinct callers
Attacks blocked
2
tx-level intercepts
Pool reverts
2
Uniswap v4 hook
USD protected
$0.00
sum of tx value at intercept
Hits over time each bar is one of 30 equal slices since publish
publish now
Recent intercepts
Agent Method Chain When
0x78286aa87559c75a323da1a3e9b471b8caf897c3 SDK check() evm:84532 (base-sepolia) 5 hours ago
0xbeae2b5bfd678fcde59b8dd9395b86d69dca41fc SDK check() evm:84532 (base-sepolia) 5 hours ago
Mirror status Not mirror-eligible
Not eligible to mirror

This antibody is advisory — it stays on its home chain. The relayer only propagates antibodies that have earned enforcement authority, so the cross-chain Uniswap hook never blocks on an unproven flag. It becomes mirror-eligible once it matures to hard-block: 1 of 3 independent publishers corroborating so far.