TW
Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings
2,205
crit 60 high 1157
All Findings
46,184
Across all runs
Chain
1
Mainnet focus
Signal Mix
24239
high severity in results
Findings
filter + triage
Reset
Quick filters: candidate lane confirmed only critical high detector codex
Severity Tool Title Address Value USD Validated Confirmed Found Run
low codex Whitelist removal corrupts index mapping, making some recipients non-removable 0x3d88fc5d3fb84caf45011a790a994928789c31a8 $60,000.97 no 3 months ago 019bab3b-aa50-70a2-8a41-e573c49b0a5e
critical codex Hardcoded tx.origin bypass disables SNARK verification 0x9a3152b61420ed4d5e594c0b48bb932ee41b7376 $60,124.91 no 3 months ago 019bab3b-aa3a-72d1-b401-bae32ceffc05
medium codex Reward payout before state update enables reentrancy double-claims 0xa249ee8255df0aa00a15262b16bca3efd66c3e4c $60,260.56 no 3 months ago 019bab3b-aa19-71a6-879c-a96e48ff592a
medium codex Emergency withdrawal transfers before zeroing balances 0xa249ee8255df0aa00a15262b16bca3efd66c3e4c $60,260.56 no 3 months ago 019bab3b-aa19-71a6-879c-a96e48ff592a
low codex Unchecked ERC20 return values on reward transfers 0xa249ee8255df0aa00a15262b16bca3efd66c3e4c $60,260.56 no 3 months ago 019bab3b-aa19-71a6-879c-a96e48ff592a
medium codex Hardcoded DELEGATECALL grants external target full control over this contract’s storage 0xccefbf06e69039df9632ea8b5484a8890d46bbbc $60,558.93 no 3 months ago 019bab3b-a9f9-7335-a4c5-15d93b6096dc
medium codex External CALL before state update (potential reentrancy) 0xf564141bda167a0f2c87ffd4480be627d90fa954 $60,813.08 no 3 months ago 019bab3b-a9f0-7106-bd41-4d2ed4375abc
low codex External CALL targets/values are computed (audit address control) 0xf564141bda167a0f2c87ffd4480be627d90fa954 $60,813.08 no 3 months ago 019bab3b-a9f0-7106-bd41-4d2ed4375abc
medium codex Reward payout can be reentered before accounting updates 0x4dac3e07316d2a31baabb252d89663dee8f76f09 $61,154.96 no 3 months ago 019bab3b-a9ce-7222-9441-b6180eb0d007
low codex Reward transfers ignore ERC20 return values 0x4dac3e07316d2a31baabb252d89663dee8f76f09 $61,154.96 no 3 months ago 019bab3b-a9ce-7222-9441-b6180eb0d007
low codex Emergency withdraw always transfers zero tokens 0x4dac3e07316d2a31baabb252d89663dee8f76f09 $61,154.96 no 3 months ago 019bab3b-a9ce-7222-9441-b6180eb0d007
low codex Hardcoded msg.sender==0xffff… guards may lock privileged actions or rely on an unreachable admin 0xd0eabb5164c9dba0a2ee508f7e8d91d4d485637c $61,158.01 no 3 months ago 019ba9e0-be62-7229-9471-8381484dc66b
low codex Potential untrusted external CALL surface (computed target/value) with uncertain return-data handling 0xd0eabb5164c9dba0a2ee508f7e8d91d4d485637c $61,158.01 no 3 months ago 019ba9e0-be62-7229-9471-8381484dc66b
medium codex Timelock bypass for any destination via emergency selector match 0x67cb903ca9d07107784bc9398a75a0543524c353 $61,500.00 no 3 months ago 019ba9e0-be33-70d3-85ba-7d14b6e68e64
medium codex Unlock time persists after revocation, enabling immediate execution after re-confirmation 0x67cb903ca9d07107784bc9398a75a0543524c353 $61,500.00 no 3 months ago 019ba9e0-be33-70d3-85ba-7d14b6e68e64
medium codex Token deposits credit full amount without verifying actual tokens received 0x2101e480e22c953b37b9d0fe6551c1354fe705e6 $61,807.62 no 3 months ago 019ba9e0-be27-70f7-98f5-d834a3811afc
medium codex Packed hashing with string enables signature collisions in pTokenRedeemForUser 0x2101e480e22c953b37b9d0fe6551c1354fe705e6 $61,807.62 no 3 months ago 019ba9e0-be27-70f7-98f5-d834a3811afc
medium codex Computed external CALLs with value (untrusted target) enable arbitrary call/reentrancy risk 0xf542a254b5deef1583d2904be9a6477d89d8f1aa $62,000.00 no 3 months ago 019ba9e0-be1a-720c-aa5c-bb5b994622e9
low codex State slots 0 and 0xdead written without detected guards 0xf542a254b5deef1583d2904be9a6477d89d8f1aa $62,000.00 no 3 months ago 019ba9e0-be1a-720c-aa5c-bb5b994622e9
low codex CALLCODE present with computed target (delegatecall-like semantics) 0xf542a254b5deef1583d2904be9a6477d89d8f1aa $62,000.00 no 3 months ago 019ba9e0-be1a-720c-aa5c-bb5b994622e9
low codex Unchecked ERC-20 transfer return value in withdrawTokens 0x427a6f19d4331021c2cdaf5af9303e2491b90455 $62,000.00 no 3 months ago 019ba9e0-be13-7262-a66d-14f1ea70b0c1
low codex Unchecked ERC-20 transfer return value in withdrawTokens 0x1223548743c70da706ed1d6906eb1481b84e6214 $62,000.00 no 3 months ago 019ba9e0-be0f-71cd-b95f-c1bc1a4326c7
low codex Unchecked ERC-20 transfer return value in token withdrawal 0xdabc57de1960bcc9be192f48430de54a12c01d45 $62,000.00 no 3 months ago 019ba9e0-be09-7225-a9ae-b3b3775b0c51
low codex ERC20 transfer return value is unchecked in withdrawTokens 0x36fe34d48deb448b1b8d9db87b501b0c64f9d7a1 $62,000.00 no 3 months ago 019ba9e0-be02-717a-8473-2e66da369b7b
low codex Using `transfer` for Ether withdrawal can lock funds for contract owners 0x36fe34d48deb448b1b8d9db87b501b0c64f9d7a1 $62,000.00 no 3 months ago 019ba9e0-be02-717a-8473-2e66da369b7b
medium codex Proxy-like DELEGATECALL into external target (storage context risk) 0x61d64c69ee2b74d2f5739cbedee416ab6363804d $62,000.00 no 3 months ago 019ba9e0-bdfb-737a-89c9-bc7880d64276
critical codex Anyone can become executor and gain onlyAuth privileges (ITGToken) 0xb104df39250112eda59b27f5db7013c7ee132d50 $62,000.00 no 3 months ago 019ba9e0-bdf4-70c0-8613-6ae209cfb88c
medium codex Auxiliary contracts can be seized because owner is unset and setOwner is publicly callable 0xb104df39250112eda59b27f5db7013c7ee132d50 $62,000.00 no 3 months ago 019ba9e0-bdf4-70c0-8613-6ae209cfb88c
medium codex Division by zero and mispricing in 2nd/4th crowdsale pricing 0xb104df39250112eda59b27f5db7013c7ee132d50 $62,000.00 no 3 months ago 019ba9e0-bdf4-70c0-8613-6ae209cfb88c
medium codex Token lock bypass via transferFrom ignores locked holder 0xb104df39250112eda59b27f5db7013c7ee132d50 $62,000.00 no 3 months ago 019ba9e0-bdf4-70c0-8613-6ae209cfb88c
medium codex Potentially unguarded arbitrary CALL/ETH transfer entrypoints 0x80aa81029df9afdc70a621c86d7a81d7e9ed7e3a $62,000.00 no 3 months ago 019ba9e0-bdee-706f-88ec-43e0a30fb978
low codex External CALLs can reach state writes without a detected reentrancy guard 0x80aa81029df9afdc70a621c86d7a81d7e9ed7e3a $62,000.00 no 3 months ago 019ba9e0-bdee-706f-88ec-43e0a30fb978
medium codex Allowlisted executor can perform arbitrary external CALLs with ETH value 0xadd45159f83dada41bdd4b5c87fedafcccbdfbc6 $62,035.49 no 3 months ago 019ba9e0-bde8-721d-81bf-cec45f1439c0
low codex ERC20 transfer/transferFrom return values appear unchecked 0x123e33e6f65fe44314f863a24c58fdc2f5264f33 $62,041.68 no 3 months ago 019ba9e0-bde2-7288-8ffe-0e2a23d3c7d7
low codex External CALL to storage-derived target (possible untrusted call / reentrancy surface) 0x123e33e6f65fe44314f863a24c58fdc2f5264f33 $62,041.68 no 3 months ago 019ba9e0-bde2-7288-8ffe-0e2a23d3c7d7
medium codex Mining mints based on requested amount instead of actual tokens received 0x30c92c69d38cfacbb28081490f8cd7558d441903 $62,184.55 no 3 months ago 019ba9e0-bdd3-73a4-834d-be6cc25079ff
low codex Unchecked ERC20 transfer return values can silently fail in swaps and refunds 0x30c92c69d38cfacbb28081490f8cd7558d441903 $62,184.55 no 3 months ago 019ba9e0-bdd3-73a4-834d-be6cc25079ff
medium codex Dividend claims can revert due to division by zero 0x57b116da40f21f91aec57329ecb763d29c1b2355 $62,196.03 no 3 months ago 019ba9e0-bdc9-72e5-aa7a-9085659cd028
medium codex Raffle winner selection is miner/owner-influenced 0x57b116da40f21f91aec57329ecb763d29c1b2355 $62,196.03 no 3 months ago 019ba9e0-bdc9-72e5-aa7a-9085659cd028
low codex Attack flow breaks goo supply accounting 0x57b116da40f21f91aec57329ecb763d29c1b2355 $62,196.03 no 3 months ago 019ba9e0-bdc9-72e5-aa7a-9085659cd028
medium codex GoFastCaller leaves approvals in place, allowing previous recipients to drain future tokens 0x5afdab84d684a057d359498e40f38f433390e711 $0.00 no 3 months ago 019ba9bd-975f-73b1-8c6a-5aab9a2fbec6
low codex Permit-based order submission uses a global nonce that can be cheaply griefed 0x5afdab84d684a057d359498e40f38f433390e711 $0.00 no 3 months ago 019ba9bd-975f-73b1-8c6a-5aab9a2fbec6
medium codex tx.origin-based authorization/guard detected 0xa6f27fa3c60ec70d5ac7ea53cad339498bc1580e $0.00 no 3 months ago 019ba9bd-8206-7335-b79d-7b327b7d19bd
low codex External CALL with value; target/return handling unclear 0xa6f27fa3c60ec70d5ac7ea53cad339498bc1580e $0.00 no 3 months ago 019ba9bd-8206-7335-b79d-7b327b7d19bd
low codex Owner-only function can execute arbitrary external CALLs (computed target/value) 0xe97f36717a51fd61c54f35e8fb2ca49d82c121bd $0.00 no 3 months ago 019ba9bd-678e-713e-83c6-d1ece50b7ce0
medium codex Dex vault rebalance can skip native allowance decrement based on protocol-supplied return values 0xfb3102759f2d57f547b9c519db49ce1ffde15db2 $0.00 no 3 months ago 019ba9bd-3bd2-7165-b27e-350fe4b4d11c
low codex Global order nonce reused for Permit2 enables signature-griefing DoS 0xe7935104c9670015b21c6300e5b95d2f75474cda $62,265.99 no 3 months ago 019ba9bc-ecc2-7002-a340-f3bde419e7cf
low codex GoFastCaller leaves stale allowances to recipients 0xe7935104c9670015b21c6300e5b95d2f75474cda $62,265.99 no 3 months ago 019ba9bc-ecc2-7002-a340-f3bde419e7cf
medium codex Owner can swap token contract to arbitrary address and drain ProfitContainer 0x51ffc1b089392a5bb65bf24eaf04d07d0e6f88b5 $62,309.06 no 3 months ago 019ba9bc-ecbc-739d-b105-b2a1c740223d
low codex ERC20 approve race condition allows double-spend of allowances 0x51ffc1b089392a5bb65bf24eaf04d07d0e6f88b5 $62,309.06 no 3 months ago 019ba9bc-ecbc-739d-b105-b2a1c740223d