Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (mainnet focus)
Signal Mix: 24239 (high severity in results)
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
medium codex Game/payout logic appears to use block data as manipulable randomness 0xb244abeae1a7e1e5d6da9008098bbeecec067c56 $0.78 no 1 week ago 019b3836-404b-706b-ba4c-80007448ffdc
medium codex ETH payout path ignores CALL failure after mutating balances 0xb244abeae1a7e1e5d6da9008098bbeecec067c56 $0.78 no 1 week ago 019b3836-404b-706b-ba4c-80007448ffdc
medium codex Callback-style allowance flow writes state before calling an untrusted contract 0x47e3b185398c178c89cad8bda809d037462008a9 $6.20 no 1 week ago 019b3836-4070-73ff-9bdf-855dfff3d504
low codex Public function 0xe4849b32 reaches a computed external CALL with ambiguous target/value 0x47e3b185398c178c89cad8bda809d037462008a9 $6.20 no 1 week ago 019b3836-4070-73ff-9bdf-855dfff3d504
high codex Sell/redeem path sends ETH before refreshing cached price, enabling reentrant stale-price withdrawals 0xa85e234d071e5acc1d91badd306ed601a38575e8 $28.52 no 1 week ago 019b3836-4073-7178-b5f9-dab237c894e6
medium codex Unchecked ETH payout call can finalize a redemption even when the transfer fails 0xa85e234d071e5acc1d91badd306ed601a38575e8 $28.52 no 1 week ago 019b3836-4073-7178-b5f9-dab237c894e6
medium codex Allowance accounting appears cumulative and is not reset on re-approval 0x13ec114ffdb980cdf470c45dcf45e544d15c4da6 $310.00 no 1 week ago 019b3836-4076-722b-8b7d-9857be4c7abf
low codex Custom approval path performs an unguarded external callback to a user-supplied contract 0x13ec114ffdb980cdf470c45dcf45e544d15c4da6 $310.00 no 1 week ago 019b3836-4076-722b-8b7d-9857be4c7abf
medium codex Multiple state-mutating entrypoints appear publicly callable with no caller-based authorization 0xa3069f217d3e29ff940a1975c2a1b3cdf2739173 $1,550.00 no 1 week ago 019b3836-4091-728c-9d51-13298306971b
low codex Owner-gated SELFDESTRUCT can permanently remove the contract 0xa3069f217d3e29ff940a1975c2a1b3cdf2739173 $1,550.00 no 1 week ago 019b3836-4091-728c-9d51-13298306971b
low codex Fallback path accepts ETH, which appears permanently unrecoverable 0x73d5a00f06e2469b94ca65e3f35796ebc3435eda $3,069.00 no 1 week ago 019b3836-428f-7263-b63a-be18c1ba24dd
critical codex Public selector `0x1d2bca17` can assign arbitrary balance to the caller 0x5fb7f726249ded65635bcebda9b292b026088a87 $3,100.00 no 1 week ago 019b3836-3c1c-73f1-8d3d-ffdb519bf95c
medium codex Same unguarded runtime path appears able to rewrite token metadata (`name`/`symbol`/`decimals`) 0x5fb7f726249ded65635bcebda9b292b026088a87 $3,100.00 no 1 week ago 019b3836-3c1c-73f1-8d3d-ffdb519bf95c
medium codex `transfer` decodes calldata without a length check 0x9b1e3948d22a1a56b2c49154c8768b3826d565dc $310.00 no 1 week ago 019b3836-3c58-7035-a958-137635a8c9c1
low codex Fallback path appears to accept ETH and likely traps it permanently 0x9b1e3948d22a1a56b2c49154c8768b3826d565dc $310.00 no 1 week ago 019b3836-3c58-7035-a958-137635a8c9c1
medium codex Public `update()` path can spend ETH from contract balance on oracle queries 0xcad333e2f7ec4058aa5ba825a5de8af4139490c9 $2.72 no 1 week ago 019b3836-3fab-72b2-b454-064ea28d2ebf
medium codex Oracle callback accepts any authorized sender response without validating a pending query id 0xcad333e2f7ec4058aa5ba825a5de8af4139490c9 $2.72 no 1 week ago 019b3836-3fab-72b2-b454-064ea28d2ebf
low codex Privileged kill switch can sweep balance via `SELFDESTRUCT` 0xcad333e2f7ec4058aa5ba825a5de8af4139490c9 $2.72 no 1 week ago 019b3836-3fab-72b2-b454-064ea28d2ebf
high codex Privileged path authenticates with tx.origin 0x97afa00f26e66bf96a7338e67ee945d1f3080b78 $1,703.78 no 1 week ago 019b3836-3d20-71d0-bbc3-03d9ecb53393
medium codex Core identity and payout logic are bound to tx.origin rather than the actual caller 0x97afa00f26e66bf96a7338e67ee945d1f3080b78 $1,703.78 no 1 week ago 019b3836-3d20-71d0-bbc3-03d9ecb53393
medium codex Low-level external calls ignore success and are followed by accounting writes 0x97afa00f26e66bf96a7338e67ee945d1f3080b78 $1,703.78 no 1 week ago 019b3836-3d20-71d0-bbc3-03d9ecb53393
medium codex Allowance overwrite race in `approve` and `approveAndCall` 0x89d64bc7e46bdc49a89652ae9bb167418cbad62e $0.00 no 1 week ago 019b3836-3d2f-7228-a456-cb5fe5dd8c99
low codex `totalSupply()` is tied to raw ETH balance, so forced ETH can desynchronize accounting 0x89d64bc7e46bdc49a89652ae9bb167418cbad62e $0.00 no 1 week ago 019b3836-3d2f-7228-a456-cb5fe5dd8c99
high codex Payout phase appears reenterable before round state is cleared 0xe724bf992be1849f3891ed0656c31d5096ea8862 $0.03 no 1 week ago 019b3836-3d36-73b6-80fd-0641ca3adbb2
high codex ETH transfers ignore CALL success and continue mutating state 0xe724bf992be1849f3891ed0656c31d5096ea8862 $0.03 no 1 week ago 019b3836-3d36-73b6-80fd-0641ca3adbb2
medium codex Winner selection relies on blockhash/timestamp entropy that can be biased 0xe724bf992be1849f3891ed0656c31d5096ea8862 $0.03 no 1 week ago 019b3836-3d36-73b6-80fd-0641ca3adbb2
high codex Queued payout is sent before the entry is marked paid 0xf767fca8e65d03fe16d4e38810f5e5376c3372a8 $620.00 no 1 week ago 019b3836-3d4a-716f-9c1a-88a7ebc5859e
medium codex Payout accounting advances even if the ETH transfer fails 0xf767fca8e65d03fe16d4e38810f5e5376c3372a8 $620.00 no 1 week ago 019b3836-3d4a-716f-9c1a-88a7ebc5859e
critical codex Unprotected ownership assignment lets any caller seize privileged control 0xc07ec6b6e3783b6855d000e104e44b3f86bbfc22 $62.00 no 1 week ago 019b3836-39ba-7004-a435-a288b804611b
high codex Unchecked low-level ETH payouts can silently fail while accounting still advances 0xc07ec6b6e3783b6855d000e104e44b3f86bbfc22 $62.00 no 1 week ago 019b3836-39ba-7004-a435-a288b804611b
medium codex Allowance accounting is nonstandard and can break ERC20 approval invariants 0xa5cafcf5a58c1b5f9c2b9c7d904fce3585a2d2c0 $310.00 no 1 week ago 019b3836-39c4-7362-8ad4-f82efcfdfaf7
low codex `approveAndCall` performs an untrusted callback after writing approval state 0xa5cafcf5a58c1b5f9c2b9c7d904fce3585a2d2c0 $310.00 no 1 week ago 019b3836-39c4-7362-8ad4-f82efcfdfaf7
high codex Payout loop performs external ETH send before advancing queue/accounting state 0x79c039d075bc3b86a7df63ebbe55fbc642b5220f $840.10 no 1 week ago 019b3836-39d7-7001-a2ca-2321dc5d26da
medium codex Unchecked low-level ETH sends can silently desynchronize internal accounting from actual transfers 0x79c039d075bc3b86a7df63ebbe55fbc642b5220f $840.10 no 1 week ago 019b3836-39d7-7001-a2ca-2321dc5d26da
medium codex Oracle callback appears to ignore the request id and operate on global state 0x33b202966bef633b952747c4955e404a0011fc63 $289.18 no 1 week ago 019b3836-39f1-72d0-8749-e1e69dbd631b
medium codex Refund and payout paths use unchecked low-level CALLs 0x33b202966bef633b952747c4955e404a0011fc63 $289.18 no 1 week ago 019b3836-39f1-72d0-8749-e1e69dbd631b
high codex Ignored CALL results let failed transfers silently corrupt accounting 0xbe46324018124b2d604c2f3eae91d3de9b388b09 $226.69 no 1 week ago 019b3836-39fd-7343-8d00-88249f6d3014
high codex Participant payout calls an untrusted recipient before advancing the payout cursor 0xbe46324018124b2d604c2f3eae91d3de9b388b09 $226.69 no 1 week ago 019b3836-39fd-7343-8d00-88249f6d3014
medium codex Inferred beneficiary fee sweep is reentrant until the fee balance is cleared 0xbe46324018124b2d604c2f3eae91d3de9b388b09 $226.69 no 1 week ago 019b3836-39fd-7343-8d00-88249f6d3014
high detector Untrusted CALL target/value reachable 0x4d3eaf7131a7bd414609f309c6b37d7488a33b51 $6,200.00 no 1 week ago 019b3836-3a01-72b6-ac1e-506671ed57de
high detector ETH value transfer possible 0x4d3eaf7131a7bd414609f309c6b37d7488a33b51 $6,200.00 no 1 week ago 019b3836-3a01-72b6-ac1e-506671ed57de
medium codex Approval accounting is cumulative and can permanently brick future approvals for a spender 0xb8b1a141a0307667042b2b937c52884b19801dfd $31.00 no 1 week ago 019b3836-37c1-705c-9971-0d72c6032c76
low codex `approveAndCall` grants allowance before an untrusted external callback 0xb8b1a141a0307667042b2b937c52884b19801dfd $31.00 no 1 week ago 019b3836-37c1-705c-9971-0d72c6032c76
medium codex Backend CALL return data is decoded without length or interface validation 0xc66ea802717bfb9833400264dd12c2bceaa34a6d $159,713.70 no 1 week ago 019b3836-37bb-71d2-9811-79d9de3d6ebf
medium codex Privileged authority is coupled to the live external backend 0xc66ea802717bfb9833400264dd12c2bceaa34a6d $159,713.70 no 1 week ago 019b3836-37bb-71d2-9811-79d9de3d6ebf
critical codex Anyone can seize the privileged owner slot 0xe82719202e5965cf5d9b6673b7503a3b92de20be $12,468.87 no 1 week ago 019b3836-3447-7312-aaa5-39b079e8086c
high codex Payout call to user-controlled recipient happens before payout state is cleared 0xe82719202e5965cf5d9b6673b7503a3b92de20be $12,468.87 no 1 week ago 019b3836-3447-7312-aaa5-39b079e8086c
medium codex ETH transfer results are ignored while bookkeeping still changes 0xe82719202e5965cf5d9b6673b7503a3b92de20be $12,468.87 no 1 week ago 019b3836-3447-7312-aaa5-39b079e8086c
medium codex External CALLs occur before later state writes in selectors 0x615664ba/0x6b1cb549 0xa3d4d7df3988d48c48728787cb5910a8a4cc4d26 $0.00 no 1 week ago 019b3836-37ce-7111-83e9-98179b7a225d
medium codex Withdrawal-like path decrements storage before CALL and ignores CALL failure 0xa3d4d7df3988d48c48728787cb5910a8a4cc4d26 $0.00 no 1 week ago 019b3836-37ce-7111-83e9-98179b7a225d