Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (Mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
medium codex Dynamic external CALL with computed target/value (possible ETH forwarding) 0x92f1dbea03ce08225e31e95cc926ddbe0198e6f2 $107,160.29 no 3 months ago 019ba8ee-e13d-72b4-8059-646bb500cbfa
low codex External CALLs without detected reentrancy guard 0x92f1dbea03ce08225e31e95cc926ddbe0198e6f2 $107,160.29 no 3 months ago 019ba8ee-e13d-72b4-8059-646bb500cbfa
medium codex Dynamic low-level CALL with potential ETH transfer to untrusted target 0x37a9679c41e99db270bda88de8ff50c0cd23f326 $117,831.00 no 3 months ago 019ba8e4-06a8-73d5-a788-2dfde07f8fd0
low codex Unchecked return value from low-level CALL 0x37a9679c41e99db270bda88de8ff50c0cd23f326 $117,831.00 no 3 months ago 019ba8e4-06a8-73d5-a788-2dfde07f8fd0
high codex Unprotected initializer enables ownership takeover on uninitialized proxy 0xa693b19d2931d498c5b318df961919bb4aee87a5 $137,409.56 no 3 months ago 019ba8df-e1c8-7388-9793-695c80d5a4e5
high codex Externally reachable CALLs to computed targets with possible ETH value 0xfd71d62a6dfe8b4e85a81f1d006e955f75aec922 $226,854.25 no 3 months ago 019ba8b4-4f35-706d-ba96-2c864ecaf949
medium codex External calls occur before state update, enabling potential reentrancy 0xfd71d62a6dfe8b4e85a81f1d006e955f75aec922 $226,854.25 no 3 months ago 019ba8b4-4f35-706d-ba96-2c864ecaf949
low codex ERC20 transfer/approve return values are not checked 0xc0297a0e39031f09406f0987c9d9d41c5dfbc3df $0.00 no 3 months ago 019ba8a5-157a-7047-a168-5437b999232b
high codex Unprotected reinitializer lets anyone set liquidityBuffer 0xe3cbd06d7dadb3f4e6557bab7edd924cd1489e8f $51,130,652.31 no 3 months ago 019ba5ca-c41d-73c2-8d74-6b616da61ddb
medium codex Computed external CALL with value; access control/target constraints unclear 0xf207b2f9f9417fc73cad069f7aa5ae1c6a5b428d $55,216,062.40 no 3 months ago 019ba5b8-1c4c-7169-aef9-a25066552b6e
low codex CREATE opcode present; deployment capability may be unintentionally exposed 0xf207b2f9f9417fc73cad069f7aa5ae1c6a5b428d $55,216,062.40 no 3 months ago 019ba5b8-1c4c-7169-aef9-a25066552b6e
low codex Low-level CALL return status not explicitly validated 0xf207b2f9f9417fc73cad069f7aa5ae1c6a5b428d $55,216,062.40 no 3 months ago 019ba5b8-1c4c-7169-aef9-a25066552b6e
low codex Fallback-only proxy delegates all calls to implementation via DELEGATECALL 0xf207b2f9f9417fc73cad069f7aa5ae1c6a5b428d $55,216,062.40 no 3 months ago 019ba598-8769-7224-ad4c-1fe3fed93f25
info codex Implementation address is hardcoded (minimal proxy, no upgrade path) 0xf207b2f9f9417fc73cad069f7aa5ae1c6a5b428d $55,216,062.40 no 3 months ago 019ba598-8769-7224-ad4c-1fe3fed93f25
high codex Unrestricted arbitrary external call can drain ERC20/NFT balances 0xf90bbf5d9bcf95ce5aa5c28ce175541a288b599c $323,395.10 no 3 months ago 2a747c42-952c-4cd7-b048-b6a4a5a55726
high codex Public initializer enables ownership takeover when uninitialized 0x2d662361a828e67cd29b4070aad8c6914dc3309e $387,500.00 no 3 months ago c96090a4-5167-4be1-9f51-f3571b1b9bb9
high codex Unrestricted batch transfer drains contract-held tokens 0xb54ca24ac19098db42454c8ee8df67d260a22b1e $930,031.00 no 3 months ago b1bfdf89-3608-4fd0-b514-11fbacdbd4cd
high codex Unprotected initializer allows attacker to set recipient and sweep ERC20 balances 0x0a7d5c98d8b83bf36700c1c2fa03b3f10d1df2e8 $0.00 no 3 months ago f3e7c777-190e-4408-a4ce-7e7b7bb1ab2c
high codex Unprotected lazyInit lets attacker become host and drain treasury if uninitialized 0x85db6688de2c47c8acd5c4dff804e6d5740790e3 $115,675.14 no 3 months ago a9587494-c8ca-4fe1-bb88-33128e0a544a
critical codex Unprotected genesis/commit address initialization enables delegatecall takeover and fund drain 0xf2c351f22b148a9ff583a0f81701471a74e7338e $0.00 no 3 months ago 64fdfe11-456e-45f6-8615-c93b752c18eb
high codex Sold keys still count toward lucky pot distribution, enabling pot drain after selling 0xb453b2c67d70f1e19ce770296c7d2f35cb7cdfd8 $118,075.89 no 3 months ago 7fb51998-f809-4e92-b921-e783e72a0f6f
high codex Predictable airdrop RNG enables deterministic wins and draining airDropPot_ via constructor calls 0xf5fe6b716c0cd0e88059d8b3d8385c086012eb0e $118,219.32 no 3 months ago dc383973-a9df-4d52-9ed4-f43a225cee09
critical codex Unrestricted batch transfer allows draining ETH/ERC20 balances 0x30e3da29d03702ef45d2765feaa6e98b89195241 $0.00 no 3 months ago 73577ec6-1e74-4f61-9fee-a5ebf7f88ac0
critical codex Unprotected initializer allows ownership takeover if the contract is uninitialized 0xcd0eb8b89c43c3654b4f8d83eb38149327c1107c $0.00 no 3 months ago f517204f-a968-4a9f-8960-e187c975c3b2
critical codex Unprotected initialize allows ownership takeover and forged message withdrawals 0x341786048479f9f6ab7555e08ca2cdc4005ddec9 $0.00 no 3 months ago c39ceeb7-70db-44e9-8e1f-07ef0170dbac
high codex Per-Bloot mint cap bypass via balance-based check enables full supply capture 0x45c3844dea2e9fe9226524411de6d907188a1a9f $128,650.00 no 3 months ago 832463d7-9e93-4b74-bdd3-6d4bfa44b44d
high codex Unprotected initialize enables ownership takeover on uninitialized deployments 0xe5feb62fb34adba661b7c8256887a8b9a21c2278 $0.00 no 3 months ago 0b21ba73-c1f6-4b4c-8e29-104ce6180cba
critical codex Signature threshold can round down to zero, allowing proofs with no signatures on small validator sets 0x76bac85e1e82cd677faa2b3f00c4a2626c4c6e32 $131,004.64 no 3 months ago 61b6e8d3-1c26-43a5-ac80-2116ec147eeb
high codex Public buyback swaps all Whirlpool ETH with amountOutMin=0, enabling price manipulation to drain ETH 0x6db1c1b318275df254bb47c63e7f316380baf4be $131,959.27 no 3 months ago e6e1ae89-f441-48e7-a685-909fe0510b83
critical codex Unprotected external initializer enables ownership takeover and ETH drain if uninitialized 0x28083d8bce883aa7b70130c915cd4308448a6f1e $0.00 no 3 months ago 2763da7f-91ba-434d-8942-6b9a4e4ee8c5
critical codex Reentrant reward payout lets attackers claim the same rewards multiple times 0x60510caf94f3001651e3e83f5e0ebdd303758aae $139,150.78 no 3 months ago aaad28a3-b6c9-4817-a4d8-9f7fbf189252
critical codex Unprotected `setGenesisRootAndAddresses` lets attacker install malicious `zkSeaAddress` facet and drain funds via delegatecall 0x467a2b91f231d930f5eeb6b982c7666e81da8626 $0.00 no 3 months ago 95d6fcb3-dc31-4ad0-aad7-6796cf5b54e9
critical codex Reentrant splitDAO via withdrawRewardFor drains the main DAO balance 0xbb9bc244d798123fde783fcc1c72d3bb8c189413 $142,099.48 no 3 months ago 839a0dce-7e4a-416f-a10e-f6ca70c4e5cb
high codex Reentrant refund drains all funds if token creation fails 0xbb9bc244d798123fde783fcc1c72d3bb8c189413 $142,099.48 no 3 months ago 839a0dce-7e4a-416f-a10e-f6ca70c4e5cb
high codex Reentrant getMyReward drains rewardAccount 0xbb9bc244d798123fde783fcc1c72d3bb8c189413 $142,099.48 no 3 months ago 839a0dce-7e4a-416f-a10e-f6ca70c4e5cb
critical codex Uninitialized Bridge allows empty-signature withdrawals and/or initializer takeover 0x3f2e4e5a70f2a424d7c4e4e0323c878c77c20537 $0.00 no 3 months ago eca47d9b-d28d-4264-9f5c-73a33983661b
critical codex Unprotected initialize allows first caller to become sole signer and drain funds 0x43ffaa65fe273d2ef9edd78418091d41b1aa40e8 $0.00 no 3 months ago ce2e5a9a-c215-43ce-a3dd-14690402b335
critical codex Unprotected init() lets attacker become admin/executor and drain bridge funds 0x1bda1227875f0f8bb27625dd720f386b40003e14 $0.00 no 3 months ago 66199f28-d28d-4899-b8fd-5a726218d9b3
critical codex Unrestricted TokenGrant.receiveApproval lets anyone drain approved holders by creating grants to themselves 0xdf708431162ba247ddae362d2c919e0fbafcf9de $184,295.42 no 3 months ago 255dad02-bda3-4c93-9044-1ca2dfacc23f
critical codex Staking token can be selected as reward token, letting attacker withdraw all staked principal as rewards 0xa383c8390adbcd387db93babdf3f30308391bd57 $184,984.11 no 3 months ago e413baba-c804-4c21-b0e4-6aac90a2379e
high codex Publicly callable constructor-like function enables arbitrary minting 0xb6307611c06c57257ee2ad83beed39cc6650163e $212,009.00 no 3 months ago cb735c6e-3195-4e92-b44b-e34ec97fa506
critical codex Unprotected initialize enables attacker-controlled messenger and bridge takeover 0xa037b01bf218e87144446e9e87dd9dc58033fb57 $0.00 no 3 months ago 3fa32ee3-f6ed-4978-87cd-d4efcb7979e3
high codex Unprotected governance token initialization lets attacker become minter and drain DAO ETH 0x4f40e2f1edf9999124b2fcf26b04821e6ca7196d $0.00 no 3 months ago ff7f23a9-503b-490f-a989-b437a8f79cd7
critical codex Refund logic never consumes PANDA or enforces refundMap, enabling unlimited ETH redemptions 0x229cc0a81a1d6b4a2fc1452b3bd166462216e3f3 $216,476.99 no 3 months ago 50bc5866-a202-48b6-a7cd-e3e4d18a6a4c
medium codex Refunds do not reclaim tokens, enabling free tokens if soft cap is missed 0x12d5b7c26dd8dc6e2f71f5bf240d5e76452b2fe5 $253,846.35 no 3 months ago e6fd2d24-6eba-44aa-9a40-eae8d9f01e64
high codex Unprotected setup allows takeover of uninitialized Safe instances 0xb6029ea3b2c51d09a50b53ca8012feeb05bda35a $0.00 no 3 months ago 506a7469-4239-458c-8123-daf2bff25e39
critical codex Unprotected `initialize` lets first caller seize ownership and drain all cash 0x6c26c3abd3b8ac89adeb34db9d3a9fbb54a0060a $0.00 no 3 months ago 65a5bd7b-3587-490b-9faf-6447a94a5332
high codex AutoBoost reserve burn enables ETH‑neutral buy/sell loops that ratchet price upward 0xc618d56b6d606e59c6b87af724ab5a91eb40d1cb $281,927.44 no 3 months ago b84cc237-c90a-4d2a-a39b-3b8b6f7bf892
high codex Share inflation via donation + rounding-to-zero lets attacker steal later deposits 0xa6b658ce4b1cdb4e7d8f97dffb549b8688cafb84 $282,664.20 no 3 months ago 4a24a7a8-fa98-4282-90e6-77d327527635
critical codex Dividend distribution multiplies payouts when listed token sum is zero 0x25a06d4e1f804ce62cf11b091180a5c84980d93a $304,668.51 no 3 months ago 9e8b9e72-45c4-4568-9bc5-55a35670600e