TW
Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings
2,205
crit 60 high 1157
All Findings
46,184
Across all runs
Chain
1
Mainnet focus
Signal Mix
24239
high severity in results
Findings
filter + triage
Reset
Quick filters: candidate lane confirmed only critical high detector codex
Severity Tool Title Address Value USD Validated Confirmed Found Run
medium codex `allowance()` appears to report gross approved amount, not remaining spendable allowance 0x3e485b680d8dff45e7d7880490ebe5514d369797 $31.00 no 1 week ago 019b3836-37c7-73c3-8dfa-3e196246c127
low codex Approval callback entrypoint performs an unguarded external CALL after approval state is written 0x3e485b680d8dff45e7d7880490ebe5514d369797 $31.00 no 1 week ago 019b3836-37c7-73c3-8dfa-3e196246c127
medium codex `allowance()` appears to report approved ceiling, not remaining spendable allowance 0x11dead58e5a21e6e46594fab6cd12e0a40de5e6a $3.10 no 1 week ago 019b3836-361b-70a4-9b0e-3b9627dda5c8
low codex Approval callback performs a full-gas external call after writing approval 0x11dead58e5a21e6e46594fab6cd12e0a40de5e6a $3.10 no 1 week ago 019b3836-361b-70a4-9b0e-3b9627dda5c8
low codex Contract accepts ETH but bytecode shows no recovery path, so sent ETH can be trapped 0x5a165b5223200a52a2e0286742aec6ab0e47bd93 $310.00 no 1 week ago 019b3836-34c1-7252-95ba-17c0617412e1
low codex `transfer(address,uint256)` is non-standard and appears to return no boolean 0x5a165b5223200a52a2e0286742aec6ab0e47bd93 $310.00 no 1 week ago 019b3836-34c1-7252-95ba-17c0617412e1
low codex Fallback silently accepts ETH and unknown selectors 0x59e584653fc41fe9a0780c754ae5bcbc950f0269 $3,100.00 no 1 week ago 019b3836-352d-7269-a56d-dfd328dac9e7
low codex `allowance()` appears to return the approval cap, not the remaining spendable allowance 0xddda8fb5460883e68854d62d1eff8046a28c0352 $15.50 no 1 week ago 019b3836-3552-7107-8e60-11c183a7fd83
medium codex `allowance()` appears to expose total approved amount while `transferFrom()` enforces a separate cumulative-spend counter 0x01b25d1f778930769653ffabcd7e7afee0cdc84b $248.00 no 1 week ago 019b3836-3555-70ef-8007-1b2c005df2ea
low codex Fallback path appears payable and silently succeeds, which can trap ETH in the token contract 0x01b25d1f778930769653ffabcd7e7afee0cdc84b $248.00 no 1 week ago 019b3836-3555-70ef-8007-1b2c005df2ea
low codex Legacy silent-success semantics can mislead integrations 0x08b54d4f5877ee091e31e92523b9791df9efce93 $12.40 no 1 week ago 019b3836-356e-733b-b631-4f1e1b0cfb47
low codex Contract appears to accept ETH but exposes no visible recovery path 0x08b54d4f5877ee091e31e92523b9791df9efce93 $12.40 no 1 week ago 019b3836-356e-733b-b631-4f1e1b0cfb47
critical codex Legacy constructor-like initializer is still publicly callable and can mint balances 0x080781e41bbd4402a8b9f07df187b7391d707de7 $217.00 no 1 week ago 019b3836-35bd-7032-b1d3-60862afc5118
medium codex Allowance accounting is split across two mappings, so `allowance()` likely reports the approved cap, not remaining spendable amount 0x080781e41bbd4402a8b9f07df187b7391d707de7 $217.00 no 1 week ago 019b3836-35bd-7032-b1d3-60862afc5118
medium codex Allowance is written before an untrusted callback-style external CALL 0xaf04889fcd67560580b0dc544566e93743652020 $31.00 no 1 week ago 019b3836-35cc-723a-bcf6-7567ef2a2215
low codex Callback success is checked only at the CALL bit level; hook execution is not semantically validated 0xaf04889fcd67560580b0dc544566e93743652020 $31.00 no 1 week ago 019b3836-35cc-723a-bcf6-7567ef2a2215
high codex Selector 0xa9059cbb appears to grant authorization and invoke a callback instead of performing an ERC20 transfer 0x5fa85a5d220be1391eaeb66542f7e0afd6e461a9 $31.00 no 1 week ago 019b3836-35f6-70f6-b91f-9db2da6f60d7
medium codex Approval/callback path performs external CALL after state mutation with no detected guard 0x5fa85a5d220be1391eaeb66542f7e0afd6e461a9 $31.00 no 1 week ago 019b3836-35f6-70f6-b91f-9db2da6f60d7
critical codex Public unguarded initializer-like function can assign caller balance and rewrite token metadata 0xd7e021cd9096cc0ca642828c1045eb10c6b1ff2e $31.00 no 1 week ago 019b3836-360e-730b-adcd-d15852dc100d
low codex `allowance()` reports a gross approval ceiling, while `transferFrom` enforces a cumulative spent-allowance model 0x45ea918d9ca185aa54cc63ea0809ebd355a0935d $310.00 no 1 week ago 019b3836-3613-70ee-858a-687d59285edf
critical codex Public constructor-like function lets any caller mint/reset token state 0x2bf4a701470dfe06babd313926a1ebcdcd5806c1 $0.31 no 1 week ago 019b3836-3278-73cd-b85f-dc1b759c448b
medium codex Allowance accounting appears non-standard and can desynchronize from `allowance()` 0x2bf4a701470dfe06babd313926a1ebcdcd5806c1 $0.31 no 1 week ago 019b3836-3278-73cd-b85f-dc1b759c448b
medium codex All entrypoints appear payable, so ETH can be accepted and trapped permanently 0x629634c639d291516b0767aa328332d301ccfd19 $31.00 no 1 week ago 019b3836-3089-71bf-bfe6-7ae7d7c98526
low codex Inferred `transfer(address,uint256)` path lacks a zero-address recipient check 0x629634c639d291516b0767aa328332d301ccfd19 $31.00 no 1 week ago 019b3836-3089-71bf-bfe6-7ae7d7c98526
medium codex Privileged fund sweep via owner-gated SELFDESTRUCT 0x68ec09892d6b207bad8394bfe3572010c0c9dff9 $223.20 no 1 week ago 019b3836-31ad-7277-b6aa-d13e6daa98f7
low codex Unchecked stipend-style ETH transfer can silently fail and block the intended payout path 0x68ec09892d6b207bad8394bfe3572010c0c9dff9 $223.20 no 1 week ago 019b3836-31ad-7277-b6aa-d13e6daa98f7
low codex `allowance()` returns the approval ceiling, not the remaining spendable allowance 0x0e04c5e9406c48ecfd00642a2411454869281ef0 $0.31 no 1 week ago 019b3836-3301-73e6-bfec-b55d684e1f16
critical codex `transfer` uses unchecked arithmetic and permits balance underflow/overflow 0x216f59605793807b0ab628d04fcc58f645fc2a5d $3,115.58 no 1 week ago 019b3836-3313-7038-99db-1df5438c8f46
critical codex Unauthenticated balance-setting and reinitialization entrypoints 0x216f59605793807b0ab628d04fcc58f645fc2a5d $3,115.58 no 1 week ago 019b3836-3313-7038-99db-1df5438c8f46
medium codex `transferFrom` authorization appears non-standard and likely irrevocable 0xb6eec1405170fe0f4e0a5dc229ce1b42014886a8 $0.00 no 1 week ago 019b3836-330c-7234-bf43-76d468452bb2
low codex Hook-enabled transfer path performs an unguarded external call to a user-influenced target 0xb6eec1405170fe0f4e0a5dc229ce1b42014886a8 $0.00 no 1 week ago 019b3836-330c-7234-bf43-76d468452bb2
low codex Contract silently accepts ETH and may trap it permanently 0x45ce4512de50cb0c8d0b90030236d12c111dcea7 $6,510.00 no 1 week ago 019b3836-3293-70c7-aa45-17ca7dde363e
low codex Contract appears to accept ETH without an observable withdrawal or recovery path 0x5a4127a9109ac0878f07c099dd1cd328620e053b $93.00 no 1 week ago 019b3836-3266-71ee-9fc6-e14487ac5853
high codex Refund finalization is reentrant before the contract is marked closed 0xba8ee7ba243a363d1995812121bc3fdfa6052785 $465.00 no 1 week ago 019b3836-333c-73df-8c9f-e39c4a7e4486
high codex Failed refund calls are ignored and residual ETH is swept to slot0 0xba8ee7ba243a363d1995812121bc3fdfa6052785 $465.00 no 1 week ago 019b3836-333c-73df-8c9f-e39c4a7e4486
medium codex Payable fallback appears to accept contributions after the time gate 0xba8ee7ba243a363d1995812121bc3fdfa6052785 $465.00 no 1 week ago 019b3836-333c-73df-8c9f-e39c4a7e4486
critical codex Public initializer-style function can assign arbitrary balance and rewrite metadata 0x0d90b565cd67733f70c21fe38f355e3469012856 $248.00 no 1 week ago 019b3836-3005-71b8-a8ef-ecd5ea5d9540
low codex Contract appears payable and may permanently lock ETH 0x0d90b565cd67733f70c21fe38f355e3469012856 $248.00 no 1 week ago 019b3836-3005-71b8-a8ef-ecd5ea5d9540
high codex Unauthenticated record creation can steer later ETH payouts 0x9c9e98aba397c49e03ee2e4cf11c0effb8cc8135 $0.97 no 1 week ago 019b3836-2e59-708d-99c9-3db04a41b280
medium codex Payout path appears replayable and reentrancy-prone 0x9c9e98aba397c49e03ee2e4cf11c0effb8cc8135 $0.97 no 1 week ago 019b3836-2e59-708d-99c9-3db04a41b280
high codex Reachable SELFDESTRUCT appears callable without an entry-point authorization check 0x9be772434306514702f95bc60cc4c0910ca9a7c2 $3.10 no 1 week ago 019b3836-2e82-7165-9665-5fa332e35d61
medium codex Payout path updates storage before an unchecked external CALL 0x9be772434306514702f95bc60cc4c0910ca9a7c2 $3.10 no 1 week ago 019b3836-2e82-7165-9665-5fa332e35d61
high codex Publicly reachable SELFDESTRUCT path 0x8d06ce37c1ec69a0402688c3a9d34e583adcc88a $0.00 no 1 week ago 019b3836-2ec8-72a4-87d8-32f40c869605
high codex Public low-level CALL with ETH/value semantics and no success handling 0x8d06ce37c1ec69a0402688c3a9d34e583adcc88a $0.00 no 1 week ago 019b3836-2ec8-72a4-87d8-32f40c869605
critical codex Public selector can execute SELFDESTRUCT without visible authorization 0x19d55cebd35439f7e7815fa6e26993849395ac30 $0.00 no 1 week ago 019b3836-2ed5-709b-ab55-463b7a97c015
medium codex Public selector reaches raw CALL sink with possible ETH transfer 0x19d55cebd35439f7e7815fa6e26993849395ac30 $0.00 no 1 week ago 019b3836-2ed5-709b-ab55-463b7a97c015
low codex Contract accepts ETH, but no ETH recovery path is evident 0xc580f51ddb0867b4c782103118681176bc87d6f8 $3,410.00 no 1 week ago 019b3836-2ed9-7018-8e03-8fb134fda258
low codex `0xa9059cbb` transfer path appears non-standard and does not return a boolean 0xc580f51ddb0867b4c782103118681176bc87d6f8 $3,410.00 no 1 week ago 019b3836-2ed9-7018-8e03-8fb134fda258
medium codex Frozen/blacklisted spender can likely bypass restrictions through transferFrom 0x1f75047233517dcf67970d9e3c3bb385cb647f30 $31.00 no 1 week ago 019b3836-2cf4-7353-96b1-83115f1b65d9
medium codex Allowance accounting uses a separate spent ledger, so allowance() likely overstates remaining spendable approval 0x1f75047233517dcf67970d9e3c3bb385cb647f30 $31.00 no 1 week ago 019b3836-2cf4-7353-96b1-83115f1b65d9