Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
medium codex Unlimited approvals to user-supplied pools allow token drain 0x3e66b66fd1d0b02fda6c811da9e0547970db2f21 $49,401.65 no 2 months ago 019be3d6-8201-73d9-b7fe-2f43c4915ca9
low codex Public swap functions can sweep any ERC20 balance held by the proxy 0x3e66b66fd1d0b02fda6c811da9e0547970db2f21 $49,401.65 no 2 months ago 019be3d6-8201-73d9-b7fe-2f43c4915ca9
low codex Initializer retains ADMIN_ROLE even when not the owner 0x377f2fd104692e592a5259cf75756037ae180fcb $49,600.00 no 2 months ago 019be3d6-81f6-7356-8bab-3144a73c2765
high codex LAST_SUPPLY is reset instead of incremented, enabling repeated withdrawals of the same tranche 0xe617f1722955706bc487257439d9d61fd3a991a4 $49,600.00 no 2 months ago 019be3d6-81eb-73d7-8def-05c4bf0dd337
medium codex Delegatecall to fixed external target makes logic mutable if the target is upgradeable or replaceable 0xc728a64af23f8e14edf7aa138c8650b3c6d31d57 $49,600.00 no 2 months ago 019be3d6-81e1-73bd-9b15-a6f6a2c49776
medium codex ERC20 transfer return values are ignored, allowing silent claim/withdraw failures 0x0e9d8e14293dd069690c1addbf51b61b4dca2f96 $49,683.22 no 2 months ago 019be3d6-81d7-72e0-84fc-df4ccf623604
low codex Whitelist signatures lack domain separation, enabling cross‑contract/chain replay 0x0e9d8e14293dd069690c1addbf51b61b4dca2f96 $49,683.22 no 2 months ago 019be3d6-81d7-72e0-84fc-df4ccf623604
medium codex Liquidity deployment can be DoS’d by forcing ETH refunds to a contract with no receive() 0x15d94ec1c8e98812dac23bf6a341bd6c83e4cb11 $49,717.80 no 2 months ago 019be3d6-81c4-7091-b835-57b1fa52d217
medium codex Liquidity deploys at attacker-controlled ratio if a pair already exists (no slippage / reserve checks) 0x15d94ec1c8e98812dac23bf6a341bd6c83e4cb11 $49,717.80 no 2 months ago 019be3d6-81c4-7091-b835-57b1fa52d217
medium codex Incorrect withdrawal accounting enables repeated sales withdrawals after sales changes 0x5d7b782ec34cae8b38a56c1a3487337583178466 $0.00 no 3 months ago 019bb50c-36be-73f5-8aa5-abd83ca7a6ba
low codex Admin can bypass refund guarantees via arbitrary state and price changes 0x5d7b782ec34cae8b38a56c1a3487337583178466 $0.00 no 3 months ago 019bb50c-36be-73f5-8aa5-abd83ca7a6ba
low codex SELFDESTRUCT opcode present (reachability unclear; may be metadata) 0x5018cc0d628fb322b2a040cfcd269a36c60b1538 $0.00 no 3 months ago 019bb50c-20bf-7140-89ff-d7e92aaf7320
low codex Computed CALL target/value may enable arbitrary external call and ETH transfer 0x5018cc0d628fb322b2a040cfcd269a36c60b1538 $0.00 no 3 months ago 019bb50c-20bf-7140-89ff-d7e92aaf7320
medium codex Share pricing depends on manipulable Uniswap V3 spot price 0x9bf7b46c7ad5ab62034e9349ab912c0345164322 $49,817.46 no 3 months ago 019bb50b-e1b9-7171-bbd2-0204820e1613
medium codex Deposits mint shares based on requested amount, not actual received (fee-on-transfer tokens break accounting) 0xc9c9ff8b00f4f6b934b5fcdbf3ff246cffe63d4a $49,843.65 no 3 months ago 019bb50b-e1a6-70f2-a433-f57446ba2513
medium codex Computed external CALLs with possible ETH transfer; target/access control unclear 0xb035e18ee8d98e6f54810c9337ab6524caeef875 $49,926.71 no 3 months ago 019bb50b-e195-72fc-abd3-1ddddddd15da
low codex Manual withdrawal fee is unchecked and can underflow 0x0c432335a0f4280d348e5ff865e02cc5e9562b3d $49,990.00 no 3 months ago 019bb50b-e18c-7289-a46a-78f23643b5ab
low codex Balance update signatures lack domain separation (replay across contracts/chains) 0x0c432335a0f4280d348e5ff865e02cc5e9562b3d $49,990.00 no 3 months ago 019bb50b-e18c-7289-a46a-78f23643b5ab
low codex Fixed 2300-gas ETH transfers can make withdrawals revert for contract recipients 0x91bf99ca34268d407f3cc8d6525ce83c6ea7bcf5 $49,992.75 no 3 months ago 019bb50b-e183-704b-ae79-33466bc022ff
medium codex Fee-on-transfer/rebasing staking tokens can break accounting and lock withdrawals 0xe2557b81f2552f21580354e922c85e1499421297 $50,000.00 no 3 months ago 019bb50b-e165-73bb-b0ac-5421102f4e04
medium codex Reward token depletion can freeze withdrawals during withdrawal interval 0xe2557b81f2552f21580354e922c85e1499421297 $50,000.00 no 3 months ago 019bb50b-e165-73bb-b0ac-5421102f4e04
low codex Self-CALL with value enables potential reentrancy via fallback/other entrypoints 0x25ab5aa1462f02edb00bdebe32e7432a30a76937 $50,015.73 no 3 months ago 019bb50b-e15a-7115-8d01-ea31f8f1f81c
medium codex Swap pricing fully trusts oracle quotes, enabling price-manipulation drains if oracle is weak 0xa5adc5484f9997fbf7d405b9aa62a7d88883c345 $50,020.56 no 3 months ago 019bb50b-e151-736d-a019-fb9174843028
low codex Integer division truncation can lock user funds for non-divisible deposits 0xa5adc5484f9997fbf7d405b9aa62a7d88883c345 $50,020.56 no 3 months ago 019bb50b-e151-736d-a019-fb9174843028
medium codex Potentially reachable SELFDESTRUCT kill-switch 0x19d683cea643a8e5f2384bd48716b5399baa3616 $50,052.35 no 3 months ago 019bb50b-e146-7046-b442-d004a2f4b5a8
low codex CALL sites with computed target/value; untrusted external call/ETH transfer not ruled out 0x19d683cea643a8e5f2384bd48716b5399baa3616 $50,052.35 no 3 months ago 019bb50b-e146-7046-b442-d004a2f4b5a8
medium codex Oraclize query failures (queryId == 0) can lock player funds and overwrite state 0x48d8f22d45e40f34cb7c10799f31246f134e9b7f $50,072.08 no 3 months ago 019bb50b-e13e-71fc-a248-22b5247e3f76
low codex Unchecked ERC20 transfer results can silently fail, causing missing rewards 0x48d8f22d45e40f34cb7c10799f31246f134e9b7f $50,072.08 no 3 months ago 019bb50b-e13e-71fc-a248-22b5247e3f76
medium codex Incorrect withdrawal accounting enables repeated sales withdrawals after parameter changes 0x52a494dbf47107cc0c624ee10703abecaf586776 $50,074.61 no 3 months ago 019bb50b-e133-727a-95cf-35a36617ffba
medium codex Any whitelisted account can grant withdrawal privileges to arbitrary addresses 0x5a5eff38da95b0d58b6c616f2699168b480953c9 $50,207.22 no 3 months ago 019bb50b-e120-724d-80e7-fccefb42de00
low codex Unchecked arithmetic can overflow donation/withdrawal accounting 0x5a5eff38da95b0d58b6c616f2699168b480953c9 $50,207.22 no 3 months ago 019bb50b-e120-724d-80e7-fccefb42de00
medium codex Initializer is publicly callable before first initialization, allowing ownership take-over if left uninitialized 0xffd344f7f636ddae0923a0192b3dcb03cc26141d $50,218.08 no 3 months ago 019bb50b-e116-7363-a672-73467cab804a
medium codex Unchecked ERC20 transfer/transferFrom return values can record purchases or refunds without a successful token transfer 0x11c1197798d3b1cab6970577361172c00e4c5f36 $50,400.29 no 3 months ago 019bb50b-e100-72d3-870c-6f4cd7a7987a
low codex No verification of actual tokens received allows underpayment for fee-on-transfer tokens 0x11c1197798d3b1cab6970577361172c00e4c5f36 $50,400.29 no 3 months ago 019bb50b-e100-72d3-870c-6f4cd7a7987a
high codex ERC4626-style share inflation lets early depositor steal later deposits 0x15a86c79665b61a5747563d83aed3337821a8a79 $50,444.35 no 3 months ago 019bb50b-e0f2-711c-aedb-1c48d3e2f46f
high codex ERC721 withdrawals ignore egg membership, enabling theft of other eggs’ NFTs 0x3dfcb488f6e96654e827ab2ab10a463b9927d4f9 $50,542.40 no 3 months ago 019bb50b-e0d1-731c-aff5-13e0ff6392b6
high codex claimCreature can be called repeatedly to mint unlimited creatures per egg 0x3dfcb488f6e96654e827ab2ab10a463b9927d4f9 $50,542.40 no 3 months ago 019bb50b-e0d1-731c-aff5-13e0ff6392b6
low codex Unchecked ERC20 transfer return values can desync internal balances 0x3dfcb488f6e96654e827ab2ab10a463b9927d4f9 $50,542.40 no 3 months ago 019bb50b-e0d1-731c-aff5-13e0ff6392b6
medium codex Computed external CALLs (some with ETH value) can be dangerous if target is attacker-controlled 0xc186e6f0163e21be057e95aa135edd52508d14d3 $0.00 no 3 months ago 019bb491-abe0-7015-aafa-7b767eaf03d1
medium codex CALLCODE to computed target may execute arbitrary code in caller storage 0xed38db26a3a7643f4ea274c3e6139eb3d3a13d49 $0.00 no 3 months ago 019bb491-966d-7208-a0e1-502697e2a9ca
low codex Low-level CALLs with computed target/value and no detected guards 0xed38db26a3a7643f4ea274c3e6139eb3d3a13d49 $0.00 no 3 months ago 019bb491-966d-7208-a0e1-502697e2a9ca
medium codex DELEGATECALL to computed target without confirmed access control 0xa1dff47e3e9c4a18d341e386c6707a18686fb834 $0.00 no 3 months ago 019bb491-3724-7173-a4ff-65108bf7b085
medium codex Authorization uses tx.origin (phishable) 0xa1dff47e3e9c4a18d341e386c6707a18686fb834 $0.00 no 3 months ago 019bb491-3724-7173-a4ff-65108bf7b085
low codex External CALL with nonzero value to a constant target (likely self) 0xa1dff47e3e9c4a18d341e386c6707a18686fb834 $0.00 no 3 months ago 019bb491-3724-7173-a4ff-65108bf7b085
high codex Unprotected initializer allows operator takeover 0x0b9f13ffab8448089f50073cf24bbe5c7bd8675a $0.00 no 3 months ago 019bb491-169f-736c-a71d-6f79af8f0433
high codex Computed DELEGATECALL targets reachable (potential arbitrary code execution) 0x51bb7afb900f6676878a1e49966fcee29d4e449c $50,916.81 no 3 months ago 019bb490-f3b8-7256-b9da-08514f901ce6
medium codex Computed CALL targets/values allow external calls with ETH (potential arbitrary send/reentrancy) 0x51bb7afb900f6676878a1e49966fcee29d4e449c $50,916.81 no 3 months ago 019bb490-f3b8-7256-b9da-08514f901ce6
medium codex External CALLs to computed targets with possible ETH value 0x764c64b2a09b09acb100b80d8c505aa6a0302ef2 $50,967.90 no 3 months ago 019bb490-f3b0-72b8-bc22-2e4219ff2cd1
low codex State writes to fixed storage slots with no detected guards 0x764c64b2a09b09acb100b80d8c505aa6a0302ef2 $50,967.90 no 3 months ago 019bb490-f3b0-72b8-bc22-2e4219ff2cd1
medium codex ERC20 collateral gains sent to trove are not transferred, breaking accounting 0x6a9f9d6f5d672a9784c5e560a9648de6cbe2c548 $51,339.76 no 3 months ago 019bb490-f382-73c7-8d99-c44c6976ea98