Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (Mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
medium codex Attack success overwrites transfer-fee deduction, inflating energy pool 0x3a275655586a049fe860be867d10cdae2ffc0f33 $55,415.97 no 3 months ago 019bb004-7ae2-7278-b7d7-39475615538c
low codex 2300-gas ETH transfers can lock withdrawals for contract owners 0x3a275655586a049fe860be867d10cdae2ffc0f33 $55,415.97 no 3 months ago 019bb004-7ae2-7278-b7d7-39475615538c
medium codex DELEGATECALL target is computed from storage without visible access controls 0xad2b801944acb63eb31fdbc6315d2a3842615e0a $55,425.45 no 3 months ago 019bb004-7ad9-72bc-bd34-1a7bbbd54b88
medium codex Owner can withdraw any ETH, breaking LP solvency and claims 0x38930aae699c4cd99d1d794df9db41111b13092b $55,426.14 no 3 months ago 019bb004-7ad2-70e7-af5b-3dd55be971b6
low codex Buying the last LP token reverts due to division by zero 0x38930aae699c4cd99d1d794df9db41111b13092b $55,426.14 no 3 months ago 019bb004-7ad2-70e7-af5b-3dd55be971b6
low codex feeSplit can be set to 0 or tiny, causing division by zero/overflow DoS 0x38930aae699c4cd99d1d794df9db41111b13092b $55,426.14 no 3 months ago 019bb004-7ad2-70e7-af5b-3dd55be971b6
info codex Trait randomness is miner-influenced via blockhash 0x38930aae699c4cd99d1d794df9db41111b13092b $55,426.14 no 3 months ago 019bb004-7ad2-70e7-af5b-3dd55be971b6
medium codex Mid‑month mint/burn retroactively changes the profit denominator for the entire month 0x6b249a94182219cb1af58a197573dccd9ab94144 $55,473.89 no 3 months ago 019bb004-7ac1-71ec-a3df-76571e731ff7
medium codex Unbounded month iteration can make transfers/withdrawals run out of gas 0x6b249a94182219cb1af58a197573dccd9ab94144 $55,473.89 no 3 months ago 019bb004-7ac1-71ec-a3df-76571e731ff7
low codex Month boundaries rely on `now`, allowing miner influence around cutoff times 0x6b249a94182219cb1af58a197573dccd9ab94144 $55,473.89 no 3 months ago 019bb004-7ac1-71ec-a3df-76571e731ff7
medium codex ERC20.initialize reverts when called via proxy, preventing proxy initialization 0x1b7d237406f51978d48bfcec2211c5eb97a344aa $55,522.08 no 3 months ago 019bb004-7ab1-705e-a818-96d48a80f311
medium codex Unrestricted withdraw allows premature drain during FUNDING 0x1b7d237406f51978d48bfcec2211c5eb97a344aa $55,522.08 no 3 months ago 019bb004-7ab1-705e-a818-96d48a80f311
high codex Referral fee causes over-distribution, leading to payout DoS or cross-audit fund drain 0xa1559cb92445cd39e3f8f16c3574e99850bc7b7d $55,529.41 no 3 months ago 019bb004-7aaa-7101-90e3-70d09190c5dd
low codex `tx.origin`-based registration allows contract squatting/impersonation 0xa1559cb92445cd39e3f8f16c3574e99850bc7b7d $55,529.41 no 3 months ago 019bb004-7aaa-7101-90e3-70d09190c5dd
low codex Unchecked ERC20 transfer in `acceptAuditor` can silently fail and desync accounting 0xa1559cb92445cd39e3f8f16c3574e99850bc7b7d $55,529.41 no 3 months ago 019bb004-7aaa-7101-90e3-70d09190c5dd
low codex Untrusted external CALL(s) reachable; potential reentrancy surface 0xb29c98c950a9134568e370b9507cf3a6bddceb49 $55,577.12 no 3 months ago 019bb004-7aa1-70d2-9db6-bc20a1f90f02
medium codex Low-level CALL to computed target/value without clear success handling 0xecb55b39adb7c166ccab4ccb77463ded1d201de4 $55,577.52 no 3 months ago 019bb004-7a88-71a8-a984-b890b5639b62
low codex External value transfers without detected reentrancy guard 0xb468ab08385c42b086cf487ad4f1821a18ee714f $0.00 no 3 months ago 019bab3e-9728-735c-874d-13bc5911ad95
low codex Potential external CALLs with computed targets and ETH value 0xb468ab08385c42b086cf487ad4f1821a18ee714f $0.00 no 3 months ago 019bab3e-9728-735c-874d-13bc5911ad95
high codex Computed DELEGATECALL target reachable (arbitrary code execution risk) 0x6c6210232654a5b57a576f9b4434f36e0b5d3768 $0.00 no 3 months ago 019bab3e-55f8-7003-b95c-b596b34c2a96
medium codex Computed external CALLs with ETH value (potential reentrancy/arbitrary call) 0x6c6210232654a5b57a576f9b4434f36e0b5d3768 $0.00 no 3 months ago 019bab3e-55f8-7003-b95c-b596b34c2a96
high codex Old committee members remain authorized after rotation 0x49643fc85fb1f25b6775ebbbdc69295d45105abc $0.00 no 3 months ago 019bab3d-f2be-72f8-a06f-15a39da6a9c7
medium codex Oracle price validation missing allows minimum limit bypass or revert 0x49643fc85fb1f25b6775ebbbdc69295d45105abc $0.00 no 3 months ago 019bab3d-f2be-72f8-a06f-15a39da6a9c7
low codex StableSwap accounting assumes exact token transfers (fee-on-transfer breaks invariants) 0x49643fc85fb1f25b6775ebbbdc69295d45105abc $0.00 no 3 months ago 019bab3d-f2be-72f8-a06f-15a39da6a9c7
high codex processAccounting ignores buffer/strategy assets, enabling share price manipulation 0xc1c5b18774d0282949331b719b5ea4a21cbc62c8 $0.00 no 3 months ago 019bab3d-c746-7355-af08-a01c5cba9495
medium codex Share pricing fully trusts provider rates without validation or staleness checks 0xc1c5b18774d0282949331b719b5ea4a21cbc62c8 $0.00 no 3 months ago 019bab3d-c746-7355-af08-a01c5cba9495
low codex Fee-on-transfer tokens can inflate shares and totalAssets 0xc1c5b18774d0282949331b719b5ea4a21cbc62c8 $0.00 no 3 months ago 019bab3d-c746-7355-af08-a01c5cba9495
critical codex Computed DELEGATECALL target reachable (arbitrary code execution in caller storage) 0x62c9e5e52351e02635f48072fa20c03bb650f787 $0.00 no 3 months ago 019bab3d-a735-71f5-99d9-235223139c05
high codex CALLCODE to computed target enables storage/context corruption 0x62c9e5e52351e02635f48072fa20c03bb650f787 $0.00 no 3 months ago 019bab3d-a735-71f5-99d9-235223139c05
medium codex Multiple computed CALLs with ETH value may allow arbitrary external calls/ETH transfers 0x62c9e5e52351e02635f48072fa20c03bb650f787 $0.00 no 3 months ago 019bab3d-a735-71f5-99d9-235223139c05
high codex Unrestricted initializer allows takeover of uninitialized AToken instance/proxy 0x6faee7aac498326660ac2b7207b9f67666073111 $0.00 no 3 months ago 019bab3d-a126-71a9-ba02-d6d1d782d905
critical codex Initializer is publicly callable, enabling proxy takeover if not initialized atomically 0x677ecf96dbfee1defbde8d2e905a39f73aa27b89 $0.00 no 3 months ago 019bab3d-7dae-718a-bd33-ed21b428c9ba
low codex CREATE opcode reachable 0xd9537f37fb0c7c6219b1d929688d4553d7735fdc $0.00 no 3 months ago 019bab3d-3c25-70db-987e-c40123e1a189
low codex External CALLs with computed target/value (possible ETH transfer) 0xd9537f37fb0c7c6219b1d929688d4553d7735fdc $0.00 no 3 months ago 019bab3d-3c25-70db-987e-c40123e1a189
info codex Implementation appears behind an EIP-1967 proxy 0xd9537f37fb0c7c6219b1d929688d4553d7735fdc $0.00 no 3 months ago 019bab3d-3c25-70db-987e-c40123e1a189
medium codex SELFDESTRUCT instruction present and potentially reachable 0x5018cc0d628fb322b2a040cfcd269a36c60b1538 $0.00 no 3 months ago 019bab3d-0c7e-71f2-bf8e-4275a4cf132f
medium codex Computed external CALLs with possible ETH value transfer 0x5018cc0d628fb322b2a040cfcd269a36c60b1538 $0.00 no 3 months ago 019bab3d-0c7e-71f2-bf8e-4275a4cf132f
low codex Hardcoded msg.sender==0xffff... guard suggests unusual/possibly unreachable authorization 0x5018cc0d628fb322b2a040cfcd269a36c60b1538 $0.00 no 3 months ago 019bab3d-0c7e-71f2-bf8e-4275a4cf132f
medium codex Proxy can be hijacked if not initialized atomically 0x5e1e6dcf05fb49568aa66f40b9e3834c86008c8f $0.00 no 3 months ago 019bab3c-e9f9-72ab-84cf-abd0852573bf
low codex Implementation contract is left initializable 0x5e1e6dcf05fb49568aa66f40b9e3834c86008c8f $0.00 no 3 months ago 019bab3c-e9f9-72ab-84cf-abd0852573bf
medium codex Computed DELEGATECALL target reachable (potentially untrusted) 0x3463c6572bf1ea4c719fc229bd0d4956b0585a2c $0.00 no 3 months ago 019bab3c-cabb-72fc-a916-554f86904ec9
high codex Unprotected initializer can be hijacked to take ownership 0xb0d6eed90f8e497b867f557c44a49c8c81fa0a5d $0.00 no 3 months ago 019bab3c-acf0-7088-b150-fa883a5349a3
medium codex Bridging fee‑on‑transfer/rebasing ERC20s can under‑collateralize 0xb0d6eed90f8e497b867f557c44a49c8c81fa0a5d $0.00 no 3 months ago 019bab3c-acf0-7088-b150-fa883a5349a3
medium codex Unchecked eETH.transferFrom can mint withdrawal requests without locking funds 0x68fe80c6e97e0c8613e2fed344358c6635ba5366 $0.00 no 3 months ago 019bab3c-a6af-702e-81df-bc4bc14e96dc
medium codex BNFT cancel path refunds caller without local ownership checks 0x68fe80c6e97e0c8613e2fed344358c6635ba5366 $0.00 no 3 months ago 019bab3c-a6af-702e-81df-bc4bc14e96dc
low codex Scheduling edge case lets index-0 BNFT holder bypass validator spin-up limits 0x68fe80c6e97e0c8613e2fed344358c6635ba5366 $0.00 no 3 months ago 019bab3c-a6af-702e-81df-bc4bc14e96dc
medium codex Potential authorization using tx.origin 0x4b14ddc1b1b4bb3a89d574c2708c609d4e192730 $0.00 no 3 months ago 019bab3c-509f-7157-9791-77edf365d19b
low codex CREATE2 opcode present and potentially reachable 0x4b14ddc1b1b4bb3a89d574c2708c609d4e192730 $0.00 no 3 months ago 019bab3c-509f-7157-9791-77edf365d19b
low codex CALLs with computed target/value; external-call risk unclear 0x4b14ddc1b1b4bb3a89d574c2708c609d4e192730 $0.00 no 3 months ago 019bab3c-509f-7157-9791-77edf365d19b
high codex Admin rescueAssets can withdraw unclaimed exit assets once vault is uncollateralized 0x927a83c679a5e1a6435d6bfaef7f20d4db23e2cc $0.00 no 3 months ago 019bab3c-4a33-7098-9325-ebfbff005bf9