Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
low codex ERC20Permit domain separator is fixed at deployment (fork replay risk) 0x6a9f9d6f5d672a9784c5e560a9648de6cbe2c548 $51,339.76 no 3 months ago 019bb490-f382-73c7-8d99-c44c6976ea98
high codex Approved operator can burn someone else’s NFT and steal the ETH backing 0xc315c1982efab100b4a3eca4035567358f85bbb2 $51,373.86 no 3 months ago 019bb490-f36f-70c4-96e3-f0e30d2d9ef1
low codex Predictable/malleable randomness for genesis token assignment 0xc315c1982efab100b4a3eca4035567358f85bbb2 $51,373.86 no 3 months ago 019bb490-f36f-70c4-96e3-f0e30d2d9ef1
low codex Potential ETH value transfer via computed CALL 0xa4ed12b05ee199c64c01434bbe73f67709b53682 $51,410.07 no 3 months ago 019bb490-f367-73ff-b398-4c0bbeb0b015
low codex External CALLs to computed targets without detected reentrancy guard 0xa4ed12b05ee199c64c01434bbe73f67709b53682 $51,410.07 no 3 months ago 019bb490-f367-73ff-b398-4c0bbeb0b015
medium codex Computed external CALLs (some with ETH value) without detectable guards or return checks 0x3fbe1f8fc5ddb27d428aa60f661eaaab0d2000ce $51,438.93 no 3 months ago 019bb490-f35f-7392-9feb-8212b2eae35f
low codex CREATE opcode reachable (factory-like deployment) with unclear access control 0x3fbe1f8fc5ddb27d428aa60f661eaaab0d2000ce $51,438.93 no 3 months ago 019bb490-f35f-7392-9feb-8212b2eae35f
high codex Computed DELEGATECALL target reachable (potential arbitrary code execution) 0x07cdb44fa1e7eceb638c12a3451a3dc9ce1400e4 $51,658.37 no 3 months ago 019bb490-f330-732b-874c-9489d47f6791
medium codex tx.origin appears in authorization logic 0x07cdb44fa1e7eceb638c12a3451a3dc9ce1400e4 $51,658.37 no 3 months ago 019bb490-f330-732b-874c-9489d47f6791
medium codex Authorization relies on tx.origin checks 0x2711847ffe2a0dd128197c3a6fe193fad1995ef3 $51,719.53 no 3 months ago 019bb490-f320-704a-95d0-3dea6c635719
low codex External CALLs use computed targets/values and ignore return data 0x2711847ffe2a0dd128197c3a6fe193fad1995ef3 $51,719.53 no 3 months ago 019bb490-f320-704a-95d0-3dea6c635719
high codex Refunds do not burn/reclaim tokens, enabling free tokens on refund 0x3fd30f3e1fbf4f3ea6bdf3e3bb11826266708869 $51,744.30 no 3 months ago 019bb490-f318-736f-80a5-c2d60794689b
high codex Initializer can be called by anyone to become operator 0x03f34be1bf910116595db1b11e9d1b2ca5d59659 $51,882.41 no 3 months ago 019bb490-f311-7387-a624-2ced8b0052f8
medium codex Claim data not bound to Merkle‑proven entity UUID allows cross‑entity claiming 0x7d3e713f1160a21d8251749e30e62ff12d27d6f2 $0.00 no 3 months ago 019bb377-cb21-707f-bec4-277fb6e7ab46
medium codex Claim data not bound to merkle-leaf entityUUID 0x7d3e713f1160a21d8251749e30e62ff12d27d6f2 $0.00 no 3 months ago 019bb377-84c2-701a-9244-2bb4af000d2a
low codex Replayable claim and carry withdrawal signatures (no nonce/used tracking) 0x7d3e713f1160a21d8251749e30e62ff12d27d6f2 $0.00 no 3 months ago 019bb377-84c2-701a-9244-2bb4af000d2a
high codex Computed DELEGATECALL target reachable (potential arbitrary code execution) 0x55ec809027ce7b71500561f24ed318424b90fa79 $52,112.70 no 3 months ago 019bb377-69f9-704e-b3a5-3d5c116c864f
medium codex Computed CALL target/value with ETH transfer possible 0x55ec809027ce7b71500561f24ed318424b90fa79 $52,112.70 no 3 months ago 019bb377-69f9-704e-b3a5-3d5c116c864f
medium codex SELFDESTRUCT reachable (beneficiary is CALLER) 0x55ec809027ce7b71500561f24ed318424b90fa79 $52,112.70 no 3 months ago 019bb377-69f9-704e-b3a5-3d5c116c864f
low codex Unchecked low-level call results can desync accounting and clear pending txs 0x0c2665b200de022b98bf77492eb1dbea99c80e89 $52,165.97 no 3 months ago 019bb377-69ea-706f-8a9f-4e6b23cf77a4
low codex Unchecked return value when rescuing ERC20 tokens 0xddc2cbf96836f55ca40b819078f3ecbf1b270315 $52,168.50 no 3 months ago 019bb377-69e4-7107-8451-a61f773bc03a
low codex Computed-target CALLs with possible ETH value and unknown return checks 0xd1538a9d69801e57c937f3c64d8c4f57d2967257 $52,224.56 no 3 months ago 019bb377-69dc-7301-af57-e1e5c595dd03
high codex Minter can be set by any address once, enabling unauthorized mint/reset 0xc6b330df38d6ef288c953f1f2835723531073ce2 $52,230.71 no 3 months ago 019bb377-69d5-7349-915e-9672d06739b0
medium codex Order signatures lack proper domain separation and user binding in hash 0xc6b330df38d6ef288c953f1f2835723531073ce2 $52,230.71 no 3 months ago 019bb377-69d5-7349-915e-9672d06739b0
medium codex Unchecked multiplication/division in trade and volume calculations can overflow 0xc6b330df38d6ef288c953f1f2835723531073ce2 $52,230.71 no 3 months ago 019bb377-69d5-7349-915e-9672d06739b0
low codex ERC20 approve race condition allows double-spend of allowance 0xc6b330df38d6ef288c953f1f2835723531073ce2 $52,230.71 no 3 months ago 019bb377-69d5-7349-915e-9672d06739b0
medium codex Claim accounting can be bypassed because claimData.entityUUID is not tied to the merkle leaf 0xe44fc87cb2a6de79daef05008e42d18591b32e50 $52,319.75 no 3 months ago 019bb377-69c2-728f-a283-fa65e62ac929
low codex Claim and carry signatures are replayable (no nonce/unique-use tracking) 0xe44fc87cb2a6de79daef05008e42d18591b32e50 $52,319.75 no 3 months ago 019bb377-69c2-728f-a283-fa65e62ac929
high codex Owner can set arbitrary fees and redirect fee wallets, enabling confiscatory transfers or trading freeze 0x6adb2e268de2aa1abf6578e4a8119b960e02928f $52,612.39 no 3 months ago 019bb377-69ba-721a-a2da-33713b7e41bf
medium codex swapAndLiquify can divide by zero and brick transfers when liquidity/marketing/dev fees are zero 0x6adb2e268de2aa1abf6578e4a8119b960e02928f $52,612.39 no 3 months ago 019bb377-69ba-721a-a2da-33713b7e41bf
medium codex Owner-controlled blacklist can freeze user funds or halt trading 0x6adb2e268de2aa1abf6578e4a8119b960e02928f $52,612.39 no 3 months ago 019bb377-69ba-721a-a2da-33713b7e41bf
low codex Zero-slippage swap exposes internal swaps to sandwich/price manipulation 0x6adb2e268de2aa1abf6578e4a8119b960e02928f $52,612.39 no 3 months ago 019bb377-69ba-721a-a2da-33713b7e41bf
medium codex Computed external CALLs may allow arbitrary calls/ETH transfer if parameters are user-controlled 0x58f771ce4c4238cf989f086b2b0619393bdcef25 $52,789.25 no 3 months ago 019bb377-69ac-70bd-82fb-7affe671c9e7
medium codex External CALLs occur before state updates (reentrancy window) 0x5087fecec9b7386d1f2417fd779e1fd9bf509466 $52,824.00 no 3 months ago 019bb377-69a4-71cb-9ad1-0ec87c6b314a
low codex ERC20 low-level CALLs do not validate return data 0x5087fecec9b7386d1f2417fd779e1fd9bf509466 $52,824.00 no 3 months ago 019bb377-69a4-71cb-9ad1-0ec87c6b314a
medium codex CALLCODE to computed target allows execution in caller storage 0xeeee96017550c817643bb0e85ebebc512e7a27ba $52,841.79 no 3 months ago 019bb377-699e-73c4-bcd1-6c9ed4a4ebb9
medium codex tx.origin used in guard logic (phishing-prone if used for auth) 0xeeee96017550c817643bb0e85ebebc512e7a27ba $52,841.79 no 3 months ago 019bb377-699e-73c4-bcd1-6c9ed4a4ebb9
low codex CREATE2 opcode reachable (factory capability) 0xeeee96017550c817643bb0e85ebebc512e7a27ba $52,841.79 no 3 months ago 019bb377-699e-73c4-bcd1-6c9ed4a4ebb9
low codex Value-carrying CALLs to computed targets (untrusted-call risk, target uncertainty) 0xeeee96017550c817643bb0e85ebebc512e7a27ba $52,841.79 no 3 months ago 019bb377-699e-73c4-bcd1-6c9ed4a4ebb9
low codex Low-level CALL with computed target/value may allow unintended external calls or ETH transfers 0xf9742810d596769d6cb54799eb1e2ccda03aeb9c $53,138.26 no 3 months ago 019bb377-698f-73e1-ada8-09688a3a56e6
medium codex Computed-target CALLs with possible ETH value transfer 0xee895136f60984ad428830eb622f9e1f91a13a45 $53,151.25 no 3 months ago 019bb377-6988-7237-b1cc-14a9ae159ea2
high codex ClaimData entityUUID not bound to merkle leaf allows cross-entity claims and carry miscalculation 0x1a170e3bbc7d930677bb7a77f9979032fefebb25 $53,269.93 no 3 months ago 019bb377-6981-7258-b853-2ed456496df7
high codex Raffle can permanently revert when remainingURS is zero or exceeds totalTickets, locking tickets and refunds 0xd19fa1565564f552200ab656c3003d5868555539 $53,320.00 no 3 months ago 019bb377-6977-7248-ab58-bc41dc632e0d
medium codex Owner-controlled raffle number enables deterministic winner selection 0xd19fa1565564f552200ab656c3003d5868555539 $53,320.00 no 3 months ago 019bb377-6977-7248-ab58-bc41dc632e0d
medium codex Randomness derived from block properties (TIMESTAMP/PREVRANDAO) 0x7e57ac0cc9251a5ac8a4ba2f138793bef8e47fcd $53,346.23 no 3 months ago 019bb377-695b-732c-9a5c-db637f2ff0d1
medium codex External CALLs with computed targets/value and no reentrancy guard detected 0x7e57ac0cc9251a5ac8a4ba2f138793bef8e47fcd $53,346.23 no 3 months ago 019bb377-695b-732c-9a5c-db637f2ff0d1
low codex Potential gas-DoS from unbounded loop with external calls 0x7e57ac0cc9251a5ac8a4ba2f138793bef8e47fcd $53,346.23 no 3 months ago 019bb377-695b-732c-9a5c-db637f2ff0d1
medium codex Computed-target CALLs with value could enable reentrancy or unwanted ETH transfers 0x9ee44137984af40481663744d27c5ae79210991e $0.00 no 3 months ago 019bb2d6-484b-7238-bacf-4345a50acc70
low codex SELFDESTRUCT opcode present; reachability/guarding unclear 0x9ee44137984af40481663744d27c5ae79210991e $0.00 no 3 months ago 019bb2d6-484b-7238-bacf-4345a50acc70
low codex CREATE/CREATE2 opcodes present; ensure deployment paths are restricted 0x9ee44137984af40481663744d27c5ae79210991e $0.00 no 3 months ago 019bb2d6-484b-7238-bacf-4345a50acc70