TW
Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings
2,205
crit 60 high 1157
All Findings
46,184
Across all runs
Chain
1
Mainnet focus
Signal Mix
24239
high severity in results
Findings
filter + triage
Reset
Quick filters: candidate lane confirmed only critical high detector codex
Severity Tool Title Address Value USD Validated Confirmed Found Run
medium codex Public initializer can be called post-deployment to seize ownership 0x5c4afb7e23b1dc1b409dc1702f89c64527b25975 $0.00 no 3 months ago 019bb2d6-256c-7084-a43d-404bd7779c6c
medium codex Computed external CALLs with ETH value may be reachable without strong guards 0x69327f95182910aef8b45a1968b64a0b420178fb $53,592.29 no 3 months ago 019bb2d5-fdaa-7097-b390-aad7f7603684
low codex Auth guard detection absent for potentially privileged selectors 0x69327f95182910aef8b45a1968b64a0b420178fb $53,592.29 no 3 months ago 019bb2d5-fdaa-7097-b390-aad7f7603684
medium codex tx.origin used in authorization guard (heuristic) 0x3ee764c95e9d2264de3717a4cb45bcd3c5f00035 $53,611.14 no 3 months ago 019bb2d5-fda3-7027-b59f-9717a250f31d
low codex External CALLs with computed target/value; reentrancy/unchecked-call uncertainty 0x3ee764c95e9d2264de3717a4cb45bcd3c5f00035 $53,611.14 no 3 months ago 019bb2d5-fda3-7027-b59f-9717a250f31d
high codex Authorization uses tx.origin (phishing/bypass risk) 0xb233cb2f0dce57a56bf732767f45ffc8650186c5 $53,685.37 no 3 months ago 019bb2d5-fd9c-70c1-9455-bdd1d8f6cc86
medium codex SELFDESTRUCT present; beneficiary uses tx.origin (reachability uncertain) 0xb233cb2f0dce57a56bf732767f45ffc8650186c5 $53,685.37 no 3 months ago 019bb2d5-fd9c-70c1-9455-bdd1d8f6cc86
low codex CREATE2 opcode present; deployment authorization unclear 0xb233cb2f0dce57a56bf732767f45ffc8650186c5 $53,685.37 no 3 months ago 019bb2d5-fd9c-70c1-9455-bdd1d8f6cc86
medium codex Registered exit game can permanently lock exit processing via global mutex 0x3eed23ea148d356a72ca695dbce2fceb40a32ce0 $53,919.92 no 3 months ago 019bb2d5-fd8c-7200-a181-98b9f722917b
low codex Early-access claims bypass per-wallet and per-transaction mint caps 0xfdeef424c147e869a9bb2723874186f06f36b386 $53,940.00 no 3 months ago 019bb2d5-fd85-710e-8350-809272f47bd3
medium codex Fee-on-transfer/deflationary tokens break reserve accounting and allow pool draining 0x00000000000008882d72efa6cce4b6a40b24c860 $53,973.10 no 3 months ago 019bb2d5-fd7c-72df-8b0e-fc3992167c10
medium codex Unchecked ERC6909 transfer return values enable malicious tokens to bypass payment 0x00000000000008882d72efa6cce4b6a40b24c860 $53,973.10 no 3 months ago 019bb2d5-fd7c-72df-8b0e-fc3992167c10
high codex Mint proceeds are trapped in Azaraks because PaymentSplitter never receives funds 0x0d8f1817c644101a915852841a3b5933b0b8dcc7 $54,021.22 no 3 months ago 019bb2d5-fd73-7212-bbeb-57b641057c57
medium codex Uninitialized signerAddress allows anyone to mint with invalid signatures 0x0d8f1817c644101a915852841a3b5933b0b8dcc7 $54,021.22 no 3 months ago 019bb2d5-fd73-7212-bbeb-57b641057c57
low codex Signatures lack domain separation, enabling cross-chain or cross-deployment replay 0x0d8f1817c644101a915852841a3b5933b0b8dcc7 $54,021.22 no 3 months ago 019bb2d5-fd73-7212-bbeb-57b641057c57
medium codex Computed external CALLs (some with ETH value) to potentially untrusted targets 0x8cd88002dce524de8be8d49d894176e982a81cd6 $54,087.18 no 3 months ago 019bb2d5-fd60-7166-ac7b-7934f66b0e25
low codex CREATE opcode reachable (on-chain contract deployment) 0x8cd88002dce524de8be8d49d894176e982a81cd6 $54,087.18 no 3 months ago 019bb2d5-fd60-7166-ac7b-7934f66b0e25
medium codex Low-level CALLs to computed targets/values without detected guards 0x3d64bd587300af85ae54007d350bfd293dc24581 $54,210.42 no 3 months ago 019bb2d5-fd57-707f-a904-b2b419626a9c
low codex CREATE/CREATE2 opcodes present (factory behavior) 0x3d64bd587300af85ae54007d350bfd293dc24581 $54,210.42 no 3 months ago 019bb2d5-fd57-707f-a904-b2b419626a9c
low codex SELFDESTRUCT opcode present in runtime bytecode (reachability unclear) 0x3d64bd587300af85ae54007d350bfd293dc24581 $54,210.42 no 3 months ago 019bb2d5-fd57-707f-a904-b2b419626a9c
low codex Rounding leaves residual funds unaccounted and permanently locked 0xaafdfa4a935d8511bf285af11a0544ce7e4a1199 $54,249.81 no 3 months ago 019bb2d5-fd4f-7134-9797-5bc781704143
medium codex External CALLs with computed target/value (possible arbitrary call/ETH transfer and reentrancy) 0x7578425460c842ca077544ffe224cf213c931241 $54,276.19 no 3 months ago 019bb2d5-fd48-731a-858c-65a6ba51906e
low codex Access-control guards not detected for likely admin/ownership selectors 0x7578425460c842ca077544ffe224cf213c931241 $54,276.19 no 3 months ago 019bb2d5-fd48-731a-858c-65a6ba51906e
low codex CREATE2 reachable (arbitrary deployment possible if unguarded) 0x7578425460c842ca077544ffe224cf213c931241 $54,276.19 no 3 months ago 019bb2d5-fd48-731a-858c-65a6ba51906e
high codex Authorization relies on tx.origin (phishable access control) 0x00055b597e0050405b27c90d21343b1eb5b74165 $54,364.06 no 3 months ago 019bb2d5-fd3e-73af-81be-e1af5c6d5e38
medium codex Hardcoded 1000 denominator breaks accounting when shares do not sum to 1000 0xe9426198aec621203ba1fe07cf292b3796ba6248 $54,368.27 no 3 months ago 019bb2d5-fd30-71f7-b28c-904f162f05ba
medium codex Fee-on-transfer or rebasing tokens can undercollateralize remote supply 0x3c43c421f08e2a48889ea3f75a747b7a7a366a0b $54,485.54 no 3 months ago 019bb2d5-fd27-7219-8d7d-9d545f16545a
medium codex Unlock payload can release more than it deducts from locked balance 0x9c6d5a71fdd306329287a835e9b8edb7f0f17898 $54,518.67 no 3 months ago 019bb2d5-fd1d-71c5-99a4-d8011bee64d6
medium codex Unchecked ERC6909 transfer/transferFrom allows spoofed transfers and reserve desync 0x000000000000040470635eb91b7ce4d132d616ed $54,720.31 no 3 months ago 019bb2d5-fced-72a8-b292-cf03c66350e4
high codex Unprotected initialize allows hostile takeover of clones 0x24d937143d3f5cf04c72ba112735151a8cae2262 $0.00 no 3 months ago 019bb005-2254-73e9-85d1-87e7597e1544
medium codex `withdraw_admin_fees` can be reentered to withdraw fees multiple times 0x24d937143d3f5cf04c72ba112735151a8cae2262 $0.00 no 3 months ago 019bb005-2254-73e9-85d1-87e7597e1544
low codex Unchecked ERC20 transfer result in `withdraw_admin_fees` can zero admin fees on failed transfer 0x24d937143d3f5cf04c72ba112735151a8cae2262 $0.00 no 3 months ago 019bb005-2254-73e9-85d1-87e7597e1544
low codex External value-transferring CALLs with computed targets; reentrancy protection unclear 0x86e3f7bd35bbd635bd41834c73356e1d9803e53b $0.00 no 3 months ago 019bb005-1c17-7327-878c-60f8b94db434
high codex Computed DELEGATECALL target reachable (possible arbitrary code execution) 0x9cea88ee39b6cc09c478942bbf83bfa77d87b5f3 $0.00 no 3 months ago 019bb005-067a-72f6-9cc1-461f0f1a0847
medium codex Value-bearing external CALLs to computed targets without detected guard 0x9cea88ee39b6cc09c478942bbf83bfa77d87b5f3 $0.00 no 3 months ago 019bb005-067a-72f6-9cc1-461f0f1a0847
high codex Buyout success never transfers listing tokens to offerer (tokens locked permanently) 0x90b6047da43a370a402fb1f88f4313faa34a923b $0.00 no 3 months ago 019bb004-d430-731f-a526-9f72bf0d193b
medium codex Public initializer can be front‑run on uninitialized deployments 0x90b6047da43a370a402fb1f88f4313faa34a923b $0.00 no 3 months ago 019bb004-d430-731f-a526-9f72bf0d193b
medium codex Anyone can trigger withdrawals at any time, breaking funding cap and redemption backing 0x0e41862deeca185f784b96a0bc44de21f0436306 $0.00 no 3 months ago 019bb004-9839-71fb-bf53-cdb271c42b17
low codex Reentrancy in _withdraw allows treasury to collect multiple fees 0x0e41862deeca185f784b96a0bc44de21f0436306 $0.00 no 3 months ago 019bb004-9839-71fb-bf53-cdb271c42b17
medium codex Deposits credit the requested amount instead of actual tokens received 0x2f23228b905ceb4734eb42d9b42805296667c93b $54,734.89 no 3 months ago 019bb004-7b4d-7161-b0f8-f40aa9087df9
high codex Unprotected initializer allows proxy takeover if not initialized atomically 0x828b154032950c8ff7cf8085d841723db2696056 $54,741.24 no 3 months ago 019bb004-7b45-70c7-adb3-d1c5cb2846d2
medium codex `withdraw_admin_fees` can be reentered via token callback before state is updated 0x828b154032950c8ff7cf8085d841723db2696056 $54,741.24 no 3 months ago 019bb004-7b45-70c7-adb3-d1c5cb2846d2
low codex Admin fee withdrawal ignores ERC20 return values and can zero fees on failed transfer 0x828b154032950c8ff7cf8085d841723db2696056 $54,741.24 no 3 months ago 019bb004-7b45-70c7-adb3-d1c5cb2846d2
low codex Computed CALL targets/values may allow untrusted external calls with ETH 0x10fc064739ecef0a076ccce5de283b5a9e74faf6 $54,745.39 no 3 months ago 019bb004-7b3d-70c2-b93c-a100cd2b8bc6
low codex External CALLs use computed target/value; untrusted-call and reentrancy risk depends on target control 0xd2fe354cfebaa06f2140f13b66d0b3e1fc3ceec0 $54,874.97 no 3 months ago 019bb004-7b2e-72f1-98f3-d97b5c502053
high codex Computed DELEGATECALL target controlled by storage slot0 0x05ff2b0db69458a0750badebc4f9e13add608c7f $55,111.44 no 3 months ago 019bb004-7b0f-73a8-8090-aaa6e87c7325
medium codex Implementation stored in slot0 risks storage collision with delegated logic 0x05ff2b0db69458a0750badebc4f9e13add608c7f $55,111.44 no 3 months ago 019bb004-7b0f-73a8-8090-aaa6e87c7325
medium codex Authorization appears to rely on tx.origin 0x5d42bc90d11538c91606c31f3cd00711a94f31c3 $55,344.29 no 3 months ago 019bb004-7af8-72e8-b6c4-6b17a2944eaa
high codex Offerer can never claim listing tokens after successful buyout 0xc6cc57767ac16c1ad20f507e11db1e5265034b09 $55,355.50 no 3 months ago 019bb004-7af0-71cd-ab6e-35bf05fc077a
medium codex Attack success overwrites transfer-fee deduction, inflating energy pool 0x3a275655586a049fe860be867d10cdae2ffc0f33 $55,415.97 no 3 months ago 019bb004-7ae2-7278-b7d7-39475615538c