Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (Mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
medium codex Dividend distribution can be permanently blocked by a reverting recipient or gas limit 0xc16b542ff490e01fcc0dc58a60e1efdc3e357ca6 $47,233.83 no 2 months ago 019be3d6-83fb-70cc-861b-5b64aafec5b5
medium codex exerciseStockOption checks vesting for msg.sender instead of target account 0x1123f22a0c120d07cd660759839ae746c7a778ff $47,299.28 no 2 months ago 019be3d6-83e1-7166-b811-d5bbdcacd0d9
high codex Authorization based on tx.origin 0xabfec10802e69a5d63ec954bf16a9bdafb4590b9 $47,366.70 no 2 months ago 019be3d6-83d0-7125-a47e-4da78d411734
medium codex Delegatecall to external target (code execution in caller storage) 0xabfec10802e69a5d63ec954bf16a9bdafb4590b9 $47,366.70 no 2 months ago 019be3d6-83d0-7125-a47e-4da78d411734
low codex CALL sites with nonzero value to computed targets 0xabfec10802e69a5d63ec954bf16a9bdafb4590b9 $47,366.70 no 2 months ago 019be3d6-83d0-7125-a47e-4da78d411734
medium codex Community fee payouts can brick rounds/buys if admin is a contract with a reverting or gas-consuming fallback 0xaff69c67f5dbbdd088ccbc6d47cb9e0ea547e132 $47,406.99 no 2 months ago 019be3d6-83bf-7349-823c-9b284998e42d
low codex External CALLs to computed targets with no detected reentrancy guard 0xe6d370a3a308e443760cdd301f3af61eaf268ce6 $47,431.94 no 2 months ago 019be3d6-83a1-7215-a41b-a72aeb1dec04
medium codex State updates occur after external CALLs without a detected reentrancy guard 0x667100c5ceeb56ac8fb33695c4d91a802fca749b $47,434.19 no 2 months ago 019be3d6-8398-7100-b97f-ba6bae47c55f
medium codex Multiple low-level CALLs to computed targets with possible ETH transfer 0x667100c5ceeb56ac8fb33695c4d91a802fca749b $47,434.19 no 2 months ago 019be3d6-8398-7100-b97f-ba6bae47c55f
low codex Configuration/address setters appear without clear access control (oracle trust boundary risk) 0x667100c5ceeb56ac8fb33695c4d91a802fca749b $47,434.19 no 2 months ago 019be3d6-8398-7100-b97f-ba6bae47c55f
low codex Arbitrary external CALLs with value to computed targets 0xcf9997ff3178ee54270735fdc00d4a26730787e0 $47,748.05 no 2 months ago 019be3d6-8364-7368-ad9b-88100f94d26c
medium codex KYC signature replay allows bypassing intended per-user limits 0x5de9f32b2665bb2cdc23bfb51b03e2a2985ecc87 $47,853.46 no 2 months ago 019be3d6-8355-7101-a9ce-9df439e1eb56
low codex Refunded flag never set due to equality operator 0x5de9f32b2665bb2cdc23bfb51b03e2a2985ecc87 $47,853.46 no 2 months ago 019be3d6-8355-7101-a9ce-9df439e1eb56
low codex KYC signature check can be bypassed if signerAddress is unset 0x5de9f32b2665bb2cdc23bfb51b03e2a2985ecc87 $47,853.46 no 2 months ago 019be3d6-8355-7101-a9ce-9df439e1eb56
low codex ERC20 transfer return value not enforced in owner-only token transfer 0x8bd458e3950f8a9cbe67ea55cbc209ead43b46f4 $47,890.78 no 2 months ago 019be3d6-8341-72d1-acd5-9e04de7826a9
medium codex Fallback redemption performs external token transfers before clearing balance and without reentrancy guard 0x29aa20fb9b23421e310bdb8a7cfb81d7fbb4a1b3 $47,924.40 no 2 months ago 019be3d6-8329-7283-9a66-0484d43643d5
medium codex Slot reuse bug can overwrite active users when pool is full 0x29aa20fb9b23421e310bdb8a7cfb81d7fbb4a1b3 $47,924.40 no 2 months ago 019be3d6-8329-7283-9a66-0484d43643d5
low codex Unchecked token transfer return values can zero balances without payout 0x29aa20fb9b23421e310bdb8a7cfb81d7fbb4a1b3 $47,924.40 no 2 months ago 019be3d6-8329-7283-9a66-0484d43643d5
low codex Expired users are not removed from the mapping, preventing re-join and mis-accounting contributions 0x29aa20fb9b23421e310bdb8a7cfb81d7fbb4a1b3 $47,924.40 no 2 months ago 019be3d6-8329-7283-9a66-0484d43643d5
medium codex Arbitrary external CALL (with ETH value) reachable via selector 0xf62d1888 0xbcaf70ef342378755e82c9f374225604f04a36e3 $47,944.34 no 2 months ago 019be3d6-8320-73ba-a9ee-5904a566edeb
medium codex Computed DELEGATECALL target reachable via selector 0xf62d1888 0xbcaf70ef342378755e82c9f374225604f04a36e3 $47,944.34 no 2 months ago 019be3d6-8320-73ba-a9ee-5904a566edeb
medium codex Liquidation escrow can become undercollateralized when pool-funded loans use the liquidation reward deposit as available capital 0x74001dcff64643b76ce4919af4dcd83da6fe1e02 $48,070.32 no 2 months ago 019be3d6-8317-73f5-b8ac-a5ffbb5f9eb3
low codex Borrower loan index is never set, corrupting loan tracking on removal 0x74001dcff64643b76ce4919af4dcd83da6fe1e02 $48,070.32 no 2 months ago 019be3d6-8317-73f5-b8ac-a5ffbb5f9eb3
low codex Value‑transferring CALL to computed target; potential reentrancy or unauthorized payout if reachable 0xdb9bdbd5a74787f4bf105cc7809b79b206a62a84 $48,174.00 no 2 months ago 019be3d6-82fe-7362-8276-89831be9667e
low codex Low‑level CALL to computed target/value with unconfirmed checks 0xa55951b2dcb3574eab8a54a6b5ec0ecf3f6fff95 $48,285.89 no 2 months ago 019be3d6-82f5-73ce-b152-f0dadbc57205
medium codex Computed external CALLs with potential value transfer and no detected access control 0x6f4dca180149a0b3b4df532054a7f0fecbb96170 $48,430.63 no 2 months ago 019be3d6-82d3-72f2-8366-aba489c5ca7b
low codex CALLCODE opcode present (reachability uncertain) 0x6f4dca180149a0b3b4df532054a7f0fecbb96170 $48,430.63 no 2 months ago 019be3d6-82d3-72f2-8366-aba489c5ca7b
medium codex Payouts can be permanently blocked when recipient rejects ETH 0x22e84cb17a55d618138911549e28310a84f888de $48,437.50 no 2 months ago 019be3d6-82c8-710e-9648-447f5f9e0a29
low codex Unchecked arithmetic can overflow IDs and accounting counters 0x22e84cb17a55d618138911549e28310a84f888de $48,437.50 no 2 months ago 019be3d6-82c8-710e-9648-447f5f9e0a29
medium codex tx.origin used in guard logic (phishing/authorization risk) 0x9bc7a1d21a2d38ee313c911e1356c926948fcba1 $48,450.40 no 2 months ago 019be3d6-82bf-71fe-9a54-fe0121f37b3d
low codex Low-level CALLs with computed targets/value (potential untrusted external call / reentrancy) 0x9bc7a1d21a2d38ee313c911e1356c926948fcba1 $48,450.40 no 2 months ago 019be3d6-82bf-71fe-9a54-fe0121f37b3d
medium codex Fee-on-transfer tokens break pool accounting and allow over-withdrawals 0x6767d3789ff7c678612e771b7b78db7fa04a063c $48,534.34 no 2 months ago 019be3d6-82ae-711f-8841-629b0c72d040
medium codex Reentrancy window in `deposit` can double-count pending rewards 0x6767d3789ff7c678612e771b7b78db7fa04a063c $48,534.34 no 2 months ago 019be3d6-82ae-711f-8841-629b0c72d040
low codex ETH withdrawals use `transfer`, risking permanent withdrawal failures for contracts 0x6767d3789ff7c678612e771b7b78db7fa04a063c $48,534.34 no 2 months ago 019be3d6-82ae-711f-8841-629b0c72d040
low codex recoverETH ignores low-level call success 0x5c29376a264e9244b50076650cea0cf30172c466 $48,597.60 no 2 months ago 019be3d6-829b-7113-92ff-3299b47c7d80
low codex Whale fee tier can be bypassed with temporary OTSea balance (flashloan) 0x28a2f7849f0a2bccf1f5d246cef5a6867a5bfa23 $48,623.42 no 2 months ago 019be3d6-8293-71b3-bc76-8deb30108147
high codex Relayer can finalize arbitrary transfers without proof or fee verification 0xdbf24caff1470a6d08bf2ff2c6875bafc60cf881 $48,695.70 no 2 months ago 019be3d6-828a-71dc-80f1-1fb633b503be
medium codex External CALL before state update (possible reentrancy if target untrusted) 0xb0e5bea9f6e7e66e284bcfd47e354aa3484de62e $48,725.00 no 2 months ago 019be3d6-8282-7361-9368-6a167143af5d
low codex Low-level CALL with computed target/value and unclear success enforcement 0xb0e5bea9f6e7e66e284bcfd47e354aa3484de62e $48,725.00 no 2 months ago 019be3d6-8282-7361-9368-6a167143af5d
medium codex Dynamic external CALLs with ETH value in selector 0xddca3f43 may be reachable without clear access control 0x05def6d34631bbdd35e212cb749cacaebf8c963d $48,728.11 no 2 months ago 019be3d6-8279-71c2-917d-11a31b51016c
low codex CALL success flag appears to be discarded before return-data checks 0x05def6d34631bbdd35e212cb749cacaebf8c963d $48,728.11 no 2 months ago 019be3d6-8279-71c2-917d-11a31b51016c
medium codex Bond market parameters derived from manipulable Uniswap spot reserves 0x64c7d8c8abf28daf9d441c507cfe9be678a0929c $48,840.97 no 2 months ago 019be3d6-8267-739c-b062-5f21bd63b2eb
low codex LP bonding does not verify LP token transfer success 0x64c7d8c8abf28daf9d441c507cfe9be678a0929c $48,840.97 no 2 months ago 019be3d6-8267-739c-b062-5f21bd63b2eb
medium codex Computed DELEGATECALL target (slot 0x13) with no detected access control 0xe9bb610e707a631e3460a9830821d3970a378166 $48,948.90 no 2 months ago 019be3d6-8257-7158-b579-591cc8b3ef79
low codex Potential external CALL with value to computed target (reentrancy/funds risk if user-controlled) 0xbeb3e32355a933501c247e2dbde6e6ca2489bf3d $49,027.02 no 2 months ago 019be3d6-8246-7204-b331-1fa7006bb405
medium codex External CALLs use computed targets/values loaded from storage/mappings (value transfer possible) 0x205718799d502fe2c45d3afc91c3c8ccb5c0836f $49,035.70 no 2 months ago 019be3d6-823c-7170-bc2d-39f5e89bacf5
low codex Return data from external CALLs is not validated 0x205718799d502fe2c45d3afc91c3c8ccb5c0836f $49,035.70 no 2 months ago 019be3d6-823c-7170-bc2d-39f5e89bacf5
low codex EOA-only guard via EXTCODESIZE is bypassable 0x205718799d502fe2c45d3afc91c3c8ccb5c0836f $49,035.70 no 2 months ago 019be3d6-823c-7170-bc2d-39f5e89bacf5
low codex External CALL target/value derived from storage (potential arbitrary call/ETH transfer if mutable) 0xfffe68c44264aa02020e30298f58f0004afc1527 $49,317.91 no 2 months ago 019be3d6-820a-733c-b1d0-1bc4856cd0cf
low codex ERC20 operations via low-level CALL without return-data validation 0xfffe68c44264aa02020e30298f58f0004afc1527 $49,317.91 no 2 months ago 019be3d6-820a-733c-b1d0-1bc4856cd0cf