Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (Mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
low codex tx.origin-based gating/authorization is fragile and can be bypassed or break smart contract wallet support 0x0d6e11e2a3b2b3a245bf839c07d775983acb787d $62,362.35 no 3 months ago 019ba9bc-ecb2-71f9-8ac6-8e077355b1d4
medium codex Untrusted external CALLs reachable; reentrancy protection not proven in bytecode 0x2d77e33da8711dcf4a763205b8ea7ffbf51bcd83 $62,447.80 no 3 months ago 019ba9bc-ecac-7268-b8b5-3bcedc4f823b
low codex Potential ETH value forwarding in CALL with computed amount 0x2d77e33da8711dcf4a763205b8ea7ffbf51bcd83 $62,447.80 no 3 months ago 019ba9bc-ecac-7268-b8b5-3bcedc4f823b
low codex State updates occur after external CALL with value (possible reentrancy) 0x095bcc0130e7327ef673076ad840501ae523c705 $62,504.75 no 3 months ago 019ba9bc-ec9b-71e8-b15a-3e13ee1d617b
low codex Low-level CALLs to computed targets/values with unclear target validation 0x095bcc0130e7327ef673076ad840501ae523c705 $62,504.75 no 3 months ago 019ba9bc-ec9b-71e8-b15a-3e13ee1d617b
medium codex Ownership transfer calls assume success; misconfigured or non‑reverting PoolOwners can break trade invariants 0xa9375923ddb69cd32955f536a351007415c02696 $62,519.14 no 3 months ago 019ba9bc-ec96-7188-951c-3581e543fed0
low codex Unchecked ERC20 `transfer` return values can desync fee accounting 0xa9375923ddb69cd32955f536a351007415c02696 $62,519.14 no 3 months ago 019ba9bc-ec96-7188-951c-3581e543fed0
medium codex External vault rebalance can reduce assets without burning enough shares 0x82fe329f4a9c4bcedc8a33f004337d51921d55e4 $62,702.74 no 3 months ago 019ba9bc-ec83-7096-9b13-c03d92bd688b
medium codex Oracle bad-data flag ignored for borrow/solvency decisions 0x82fe329f4a9c4bcedc8a33f004337d51921d55e4 $62,702.74 no 3 months ago 019ba9bc-ec83-7096-9b13-c03d92bd688b
medium codex rebalanceDexVault can skip allowance reduction despite sending native value 0x264786ef916af64a1db19f513f24a3681734ce92 $62,993.54 no 3 months ago 019ba9bc-ec77-7229-831b-371cc06748e3
medium codex Computed CALL targets/values may allow unintended external calls with ETH 0x1edb8bded80e1b87ed19ee7d97ee80b4fdb615c1 $63,047.38 no 3 months ago 019ba9bc-ec6f-7149-8a86-ad2ee8cbb230
low codex CALL success handling unclear at pc 0x2f94 (possible silent failure) 0x1edb8bded80e1b87ed19ee7d97ee80b4fdb615c1 $63,047.38 no 3 months ago 019ba9bc-ec6f-7149-8a86-ad2ee8cbb230
medium codex External CALLs with computed target/value (possible arbitrary call or reentrancy if reachable) 0x8c0abc25baa0f3bb34090dae8cc8a04e8c32269b $63,054.79 no 3 months ago 019ba9bc-ec69-70a5-8b5c-76c8b17979a6
low codex tx.origin-based guard observed (EOA-only pattern; auth intent unclear) 0x8c0abc25baa0f3bb34090dae8cc8a04e8c32269b $63,054.79 no 3 months ago 019ba9bc-ec69-70a5-8b5c-76c8b17979a6
low codex CREATE2 opcode present (contract deployment capability) 0x8c0abc25baa0f3bb34090dae8cc8a04e8c32269b $63,054.79 no 3 months ago 019ba9bc-ec69-70a5-8b5c-76c8b17979a6
low codex SELFDESTRUCT opcode present (reachability/guards unknown) 0x8c0abc25baa0f3bb34090dae8cc8a04e8c32269b $63,054.79 no 3 months ago 019ba9bc-ec69-70a5-8b5c-76c8b17979a6
medium codex Computed CALL targets/values enable arbitrary external calls if reachable without auth 0xd4d96f9f45248fc8b25efaff4cccf1df05697257 $63,127.43 no 3 months ago 019ba9bc-ec62-71d0-9456-9e12b5762364
medium codex EOA-only registration is bypassable, enabling contract referrers to DoS payouts/registrations 0xae98b0e0c112b6d85ba32ff521b051f3fb2bafab $63,230.74 no 3 months ago 019ba9bc-ec5c-72bb-87db-2a9cdb3e9b64
low codex Dividend claims can silently fail and still be marked as claimed 0xae98b0e0c112b6d85ba32ff521b051f3fb2bafab $63,230.74 no 3 months ago 019ba9bc-ec5c-72bb-87db-2a9cdb3e9b64
low codex Ambassador whitelist can be bypassed via forced ETH transfers 0x510f9a9642ac14ded91629a1aad552be4b24b5f0 $63,288.90 no 3 months ago 019ba9bc-ec4f-704e-b7dc-fc8e546adf06
medium codex Randomness derived from block.timestamp/difficulty is biasable 0x026ef36a9fee2debbcc3dfc28a483ab7c985692f $63,527.30 no 3 months ago 019ba9bc-ec49-727e-9225-9a34729cb596
medium codex Low-level CALLs with computed targets/value and no detected reentrancy guard 0x026ef36a9fee2debbcc3dfc28a483ab7c985692f $63,527.30 no 3 months ago 019ba9bc-ec49-727e-9225-9a34729cb596
high codex Computed DELEGATECALL target allows potential arbitrary code execution 0x942a70014b6ba71ec84b16e1604fc76b1071eaf9 $63,551.24 no 3 months ago 019ba9bc-ec3c-738f-9671-9046fad6b6a8
medium codex Potential arbitrary external CALLs with value to computed targets 0x942a70014b6ba71ec84b16e1604fc76b1071eaf9 $63,551.24 no 3 months ago 019ba9bc-ec3c-738f-9671-9046fad6b6a8
medium codex Owner-reachable SELFDESTRUCT can permanently disable the contract 0xd32c59bdf5409842c0dec13a546a3916b7485694 $63,577.85 no 3 months ago 019ba9bc-ec32-7329-bfc3-da15d78dd649
medium codex Privileged low-level CALLs with ETH to computed targets (centralization risk) 0xd32c59bdf5409842c0dec13a546a3916b7485694 $63,577.85 no 3 months ago 019ba9bc-ec32-7329-bfc3-da15d78dd649
low codex User-accessible CALL with value has no explicit reentrancy guard 0xd32c59bdf5409842c0dec13a546a3916b7485694 $63,577.85 no 3 months ago 019ba9bc-ec32-7329-bfc3-da15d78dd649
medium codex earlyResolve signatures are reusable and not bound to withdrawal amount or updated deposit 0xe92fa4e3447a58753154364b329d2361b3b4cae4 $63,920.18 no 3 months ago 019ba9a5-c80f-73bd-a762-fe496feaf9d2
low codex Signatures are not domain separated (contract/chain replay possible) 0xe92fa4e3447a58753154364b329d2361b3b4cae4 $63,920.18 no 3 months ago 019ba9a5-c80f-73bd-a762-fe496feaf9d2
low codex regularTransfer does not enforce expirationTime 0xe92fa4e3447a58753154364b329d2361b3b4cae4 $63,920.18 no 3 months ago 019ba9a5-c80f-73bd-a762-fe496feaf9d2
medium codex Dynamic external CALLs with ETH value and untrusted targets 0x5d1b26d762b1973b8b7c2bfb196ba2ed969daf18 $65,790.78 no 3 months ago 019ba9a5-c764-7202-b5cc-8890a9ee60f9
low codex CREATE reachable (contract deployment capability) 0x5d1b26d762b1973b8b7c2bfb196ba2ed969daf18 $65,790.78 no 3 months ago 019ba9a5-c764-7202-b5cc-8890a9ee60f9
low codex Low-level CALL return data not validated 0x5d1b26d762b1973b8b7c2bfb196ba2ed969daf18 $65,790.78 no 3 months ago 019ba9a5-c764-7202-b5cc-8890a9ee60f9
high codex Pre-initialization call can permanently lock base indices and brick base actions 0x5d409e56d886231adaf00c8775665ad0f9897b56 $73,738.04 no 3 months ago 019ba940-88c4-712e-a280-97a8be91c73d
medium codex Oracle freshness not validated (stale price risk) 0x5d409e56d886231adaf00c8775665ad0f9897b56 $73,738.04 no 3 months ago 019ba940-88c4-712e-a280-97a8be91c73d
critical codex DELEGATECALL to computed, varying targets 0x6a13cbb3a3ecd7e8d74636f79c4a09acb1f85606 $77,500.00 no 3 months ago 019ba92a-2ffb-70a4-a200-12dbf33d78b7
low codex CALL with computed target/value can transfer ETH (conditional external-call risk) 0x6a13cbb3a3ecd7e8d74636f79c4a09acb1f85606 $77,500.00 no 3 months ago 019ba92a-2ffb-70a4-a200-12dbf33d78b7
medium codex Chainlink price feeds used without freshness/positivity checks 0x4c406c068106375724275cbff028770c544a1333 $81,763.61 no 3 months ago 019ba92a-2eeb-70f8-844a-5c395e4e1794
medium codex Flashloan callback not restricted to Balancer vault 0x4c406c068106375724275cbff028770c544a1333 $81,763.61 no 3 months ago 019ba92a-2eeb-70f8-844a-5c395e4e1794
medium codex Division-by-zero in `_withdrawToVault` when adapter net assets are zero 0x4c406c068106375724275cbff028770c544a1333 $81,763.61 no 3 months ago 019ba92a-2eeb-70f8-844a-5c395e4e1794
low codex Delegatecall to adapter/swapper trusts upgradeable targets with full storage access 0x4c406c068106375724275cbff028770c544a1333 $81,763.61 no 3 months ago 019ba92a-2eeb-70f8-844a-5c395e4e1794
medium codex External accountLevels call enables reentrancy and order overfill 0x3c020e014069df790d4f4e63fd297ba4e1c8e51f $93,418.38 no 3 months ago 019ba90f-831c-7330-83d3-a716e466e1d0
low codex ERC20 approve race condition 0x3c020e014069df790d4f4e63fd297ba4e1c8e51f $93,418.38 no 3 months ago 019ba90f-831c-7330-83d3-a716e466e1d0
low codex AccountLevelsTest allows arbitrary fee tier assignment 0x3c020e014069df790d4f4e63fd297ba4e1c8e51f $93,418.38 no 3 months ago 019ba90f-831c-7330-83d3-a716e466e1d0
medium codex Beacon proxy delegates to implementation supplied by external beacon (trust/upgrade risk) 0xf5b9f07d0a1fd110dacc7ab247fbc82ff5cbc25e $103,865.00 no 3 months ago 019ba8f8-3f8b-72b6-9acb-fb8a1947ce93
high codex Integer division order zeroes ownership for most investors, breaking dividends 0x007d42b9192b8c087b0d3e6ef73aae48e74b41c1 $105,400.00 no 3 months ago 019ba8f8-3f3e-728e-8b88-d1ef3d328f79
medium codex Unbounded investor loops allow gas‑limit DoS of deposits and dividends 0x007d42b9192b8c087b0d3e6ef73aae48e74b41c1 $105,400.00 no 3 months ago 019ba8f8-3f3e-728e-8b88-d1ef3d328f79
medium codex Unchecked `send` return values lead to silent payout failures and stuck funds 0x007d42b9192b8c087b0d3e6ef73aae48e74b41c1 $105,400.00 no 3 months ago 019ba8f8-3f3e-728e-8b88-d1ef3d328f79
medium codex Reentrancy via AccountLevels allows order overfill before orderFills update 0xbf29685856fae1e228878dfb35b280c0adcc3b05 $105,412.46 no 3 months ago 019ba8f8-3f30-70a7-ac13-16bb4d3c6474
low codex AccountLevelsTest allows anyone to set fee tier if used in production 0xbf29685856fae1e228878dfb35b280c0adcc3b05 $105,412.46 no 3 months ago 019ba8f8-3f30-70a7-ac13-16bb4d3c6474