Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (Mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
medium codex Validators manager signatures are replayable in registerValidators (nonce not enforced) 0x927a83c679a5e1a6435d6bfaef7f20d4db23e2cc $0.00 no 3 months ago 019bab3c-4a33-7098-9325-ebfbff005bf9
high codex SNARK verification can be bypassed via tx.origin backdoor 0xb157dc78c2815280906a6730984a5e0dca65e247 $0.00 no 3 months ago 019bab3c-03ac-7154-aa8e-81b80b4bfd3c
medium codex Merkle tree can be corrupted by oversized leaf batches 0xb157dc78c2815280906a6730984a5e0dca65e247 $0.00 no 3 months ago 019bab3c-03ac-7154-aa8e-81b80b4bfd3c
high codex Unprotected initializer allows timelock takeover if proxy not initialized 0x8d1fa828e0b99f2cd9bec6c51ff11e97b502db8a $0.00 no 3 months ago 019bab3b-fcd0-7290-bd8b-dd7b4bf015df
medium codex Potential arbitrary external CALL with ETH value if execution path is ungated 0xc8d2509dee0335ad8dd45667a60cb73e2cc3a7c7 $55,744.20 no 3 months ago 019bab3b-aceb-73bd-bc34-6a5988516fdf
medium codex Token checkpointing stops after 20 weeks, leaving undistributed tokens permanently unclaimable 0x951f99350d816c0e160a2c71defe828bdfc17f12 $55,827.39 no 3 months ago 019bab3b-acdd-73a3-9188-eb035b52b55e
medium codex Zero totalSupply weeks cause division-by-zero and permanently block claims 0x951f99350d816c0e160a2c71defe828bdfc17f12 $55,827.39 no 3 months ago 019bab3b-acdd-73a3-9188-eb035b52b55e
low codex External ETH refund during `_beforeTokenTransfers` enables reentrancy during transfers 0x7183209867489e1047f3a7c23ea1aed9c4e236e8 $55,856.61 no 3 months ago 019bab3b-acd5-731f-9ee9-3cb2fb20d89e
low codex Gallery art assignment uses miner/validator-manipulable block data 0x7183209867489e1047f3a7c23ea1aed9c4e236e8 $55,856.61 no 3 months ago 019bab3b-acd5-731f-9ee9-3cb2fb20d89e
medium codex DELEGATECALL into external contract address allows code execution in implementation storage 0x9719d81c506c95f92caf970851b22afc88aee574 $55,875.21 no 3 months ago 019bab3b-acce-7254-a517-d035d555f853
low codex External CALLs with computed target and value may allow value transfer or reentrancy if not tightly gated 0x9719d81c506c95f92caf970851b22afc88aee574 $55,875.21 no 3 months ago 019bab3b-acce-7254-a517-d035d555f853
medium codex Collected fee is excluded from swap/join/exit math and slippage checks 0xb8098e1cb8645da67238e340558ec1c8625b10db $55,939.90 no 3 months ago 019bab3b-acbc-72d4-be96-d51f69884b9a
high codex DELEGATECALL to external target (proxy-like risk) 0x06291eee038e94e8dec2b3bfb6e030c0b5615506 $56,236.72 no 3 months ago 019bab3b-ac85-70a7-83ce-dfd718c375d8
medium codex Low-level CALLs with computed target/value and unknown return handling 0x06291eee038e94e8dec2b3bfb6e030c0b5615506 $56,236.72 no 3 months ago 019bab3b-ac85-70a7-83ce-dfd718c375d8
medium codex Rewards accrue during zero-stake periods, letting late stakers capture idle rewards 0x7a9a0d2ae824ba57a5fe7dabaf7e6846021d4e8e $56,251.15 no 3 months ago 019bab3b-ac7d-7233-9fb9-aff5ddce53e8
low codex rescueTokens compares normalized stake totals against raw token balances 0x7a9a0d2ae824ba57a5fe7dabaf7e6846021d4e8e $56,251.15 no 3 months ago 019bab3b-ac7d-7233-9fb9-aff5ddce53e8
medium codex Authorization uses tx.origin (phishable / bypassable via intermediary contracts) 0x2cac6e4b11d6b58f6d3c1c9d5fe8faa89f60e5a2 $56,314.16 no 3 months ago 019bab3b-ac74-7341-b8b6-2be009b2500f
medium codex Computed external CALLs with ETH value; potential arbitrary call/value transfers and reentrancy risk 0x2cac6e4b11d6b58f6d3c1c9d5fe8faa89f60e5a2 $56,314.16 no 3 months ago 019bab3b-ac74-7341-b8b6-2be009b2500f
low codex SELFDESTRUCT opcode present; reachability unclear 0x2cac6e4b11d6b58f6d3c1c9d5fe8faa89f60e5a2 $56,314.16 no 3 months ago 019bab3b-ac74-7341-b8b6-2be009b2500f
high codex Delegatecall to computed target enables arbitrary code execution if reachable 0x95fe5961368664c3da8879d7542149ddf0738d82 $56,641.81 no 3 months ago 019bab3b-ac6c-7220-8780-0b3cf4eedfd4
low codex Untrusted external calls during ERC1155 receiver hooks (potential reentrancy surface) 0xa658542ca3265c00beb9a7b45a23503ed87c66c0 $56,652.50 no 3 months ago 019bab3b-ac62-70bf-bd48-3141cf1dd860
low codex Low-level ETH sweep to caller uses SELFBALANCE and CALLER 0xa658542ca3265c00beb9a7b45a23503ed87c66c0 $56,652.50 no 3 months ago 019bab3b-ac62-70bf-bd48-3141cf1dd860
high codex Retired committee members remain authorized to process requests 0xf2139f5c8afb8a4d64084efc5532830774742830 $56,780.96 no 3 months ago 019bab3b-ac5a-722f-b716-e6968b11ca70
medium codex USD transfer minimum is ignored when default minimum is smaller (often zero) 0xf2139f5c8afb8a4d64084efc5532830774742830 $56,780.96 no 3 months ago 019bab3b-ac5a-722f-b716-e6968b11ca70
medium codex Oracle anomalies can bypass transfer limits due to unchecked price and fail-open handling 0xf2139f5c8afb8a4d64084efc5532830774742830 $56,780.96 no 3 months ago 019bab3b-ac5a-722f-b716-e6968b11ca70
medium codex Unchecked ERC20 return values can mint unbacked xABR 0xd5d6b2f2d7a7506c49bb0cb6fb39a67f065d6fc4 $56,793.75 no 3 months ago 019bab3b-ac52-71c2-b78b-846cf73d1ca2
medium codex Bridge accounting breaks with fee-on-transfer or rebasing tokens 0xd5d6b2f2d7a7506c49bb0cb6fb39a67f065d6fc4 $56,793.75 no 3 months ago 019bab3b-ac52-71c2-b78b-846cf73d1ca2
low codex FeeOracle can be manipulated via temporary xABR balances 0xd5d6b2f2d7a7506c49bb0cb6fb39a67f065d6fc4 $56,793.75 no 3 months ago 019bab3b-ac52-71c2-b78b-846cf73d1ca2
low codex ETH transfers use `transfer`, enabling recipient DoS 0xd5d6b2f2d7a7506c49bb0cb6fb39a67f065d6fc4 $56,793.75 no 3 months ago 019bab3b-ac52-71c2-b78b-846cf73d1ca2
medium codex Share pricing fully trusts provider rates without safeguards 0x01ba69727e2860b37bc1a2bd56999c1afb4c15d8 $57,002.78 no 3 months ago 019bab3b-ac24-703a-981b-8dea6c2cb808
medium codex Mint path rounds down, allowing underpayment for shares 0x01ba69727e2860b37bc1a2bd56999c1afb4c15d8 $57,002.78 no 3 months ago 019bab3b-ac24-703a-981b-8dea6c2cb808
medium codex Deposits assume full transfer amount, enabling share inflation with fee-on-transfer tokens 0x01ba69727e2860b37bc1a2bd56999c1afb4c15d8 $57,002.78 no 3 months ago 019bab3b-ac24-703a-981b-8dea6c2cb808
medium codex Protocol swaps use manipulable TWAPs for `amountOutMinimum`, enabling adverse-rate swaps 0xaa390a37006e22b5775a34f2147f81ebd6a63641 $57,045.65 no 3 months ago 019bab3b-ac16-71c8-994e-dc9bad3c06f9
medium codex ETH fee calculation can be underpaid via manipulable Uniswap TWAP 0xaa390a37006e22b5775a34f2147f81ebd6a63641 $57,045.65 no 3 months ago 019bab3b-ac16-71c8-994e-dc9bad3c06f9
low codex Fixed 3000 gas stipend can permanently lock dividends for contract wallets 0x456fa3183d33497b290a3d24b98ddbc902ae1da5 $57,078.35 no 3 months ago 019bab3b-ac0d-70eb-9589-3835283d1f66
low codex External ETH transfer before state update can allow reentrant double-claims 0x456fa3183d33497b290a3d24b98ddbc902ae1da5 $57,078.35 no 3 months ago 019bab3b-ac0d-70eb-9589-3835283d1f66
low codex Owner can arbitrarily change dividend shares and exclude accounts 0x456fa3183d33497b290a3d24b98ddbc902ae1da5 $57,078.35 no 3 months ago 019bab3b-ac0d-70eb-9589-3835283d1f66
high codex Computed-target DELEGATECALL allows code execution in caller storage if user-controlled 0x60330141cf5911c14cdb400b7ad400b3c3dfdc7a $57,113.10 no 3 months ago 019bab3b-abf8-72ed-bfa4-d886cd417463
medium codex Multiple computed-target/value CALLs may enable arbitrary external calls and ETH transfers 0x60330141cf5911c14cdb400b7ad400b3c3dfdc7a $57,113.10 no 3 months ago 019bab3b-abf8-72ed-bfa4-d886cd417463
low codex CALLCODE opcode present in runtime bytecode (reachability unclear) 0x60330141cf5911c14cdb400b7ad400b3c3dfdc7a $57,113.10 no 3 months ago 019bab3b-abf8-72ed-bfa4-d886cd417463
medium codex Collateralization relies on a manipulable spot oracle without freshness or sanity checks 0x98cc3bd6af1880fcfda17ac477b2f612980e5e33 $57,367.04 no 3 months ago 019bab3b-abda-71cb-bc69-892fbe7a1945
medium codex ETH oToken purchases can spend the contract’s ETH balance without enforcing msg.value 0x98cc3bd6af1880fcfda17ac477b2f612980e5e33 $57,367.04 no 3 months ago 019bab3b-abda-71cb-bc69-892fbe7a1945
medium codex Unchecked ERC20 transfers in collateral/underlying payouts can break accounting and lock funds 0x98cc3bd6af1880fcfda17ac477b2f612980e5e33 $57,367.04 no 3 months ago 019bab3b-abda-71cb-bc69-892fbe7a1945
medium codex Initializer can be called by any address, enabling hostile initialization 0xa029a744b4e44e22f68a1bb9a848caafbf6bb233 $57,656.35 no 3 months ago 019bab3b-abbc-7163-9153-9fe872130821
medium codex External call occurs before storage update on at least one path 0x887910314a3bfbe7b6ea0c5fbf3b9fd2fcac89d1 $57,782.76 no 3 months ago 019bab3b-abb6-709a-a874-ab08c52922a5
medium codex Computed CALL targets and values enable arbitrary external calls if user-controlled 0x887910314a3bfbe7b6ea0c5fbf3b9fd2fcac89d1 $57,782.76 no 3 months ago 019bab3b-abb6-709a-a874-ab08c52922a5
low codex Return-data handling for external calls is unclear 0x887910314a3bfbe7b6ea0c5fbf3b9fd2fcac89d1 $57,782.76 no 3 months ago 019bab3b-abb6-709a-a874-ab08c52922a5
medium codex Potentially unguarded arbitrary CALL with ETH value (reachability unclear) 0x367ba7d034abf0b97bccdf07fd95217410c9dbe8 $57,950.00 no 3 months ago 019bab3b-aba8-711d-8ff4-ada11975c85e
medium codex External CALLs use computed targets/value without detectable guards 0x173a5c5e0106ca4f49ce91f042e32af97974035b $58,249.46 no 3 months ago 019bab3b-ab8b-724a-92a5-927090d81b9e
low codex Initializable pattern detected; proxy initialization must be verified 0x173a5c5e0106ca4f49ce91f042e32af97974035b $58,249.46 no 3 months ago 019bab3b-ab8b-724a-92a5-927090d81b9e