Tripwire

Find contracts. Test them. Review real vulns.

Confirmed Findings

2,205

crit 60 high 1157

All Findings

46,184

Across all runs

Chain

Mainnet focus

Signal Mix

24239

high severity in results

Findings

filter + triage

Severity

Tool

Validated

Confirmed

Min USD

Reset

Quick filters: candidate lane confirmed only critical high detector codex

Severity	Tool	Title	Address	Value USD	Validated	Confirmed	Found	Run
critical	codex	Unprotected initialize lets attacker overwrite subContracts and execute arbitrary delegatecall logic	0xdf2f24751f7e84ccdcd39e7b49904fab0fb0f583	$0.00	no	—	3 months ago	d7530101-36b1-4fae-8f33-0dec08c21c66
critical	codex	Unprotected initialize allows exchange takeover and full fund drain	0x674bdf20a0f284d710bc40872100128e2d66bd3f	$12,345,678.95	no	—	3 months ago	83c46581-935d-4c5c-8596-6954c0074eb5
critical	codex	Unprotected initialize lets an attacker set a fake messenger and drain the bridge	0xa0cfe8af2ab5c9232714647702dbacf862ea4798	$0.00	no	—	3 months ago	0fb93155-944c-4ca8-9339-4f05dc1ba13c
critical	codex	Unrestricted EIC delegatecall in initialize enables arbitrary code execution and fund drain	0x95ff25a59dc9c5a41cf0709dc916041e5dc7fd95	$0.00	no	—	3 months ago	cd9a2c6e-802a-4f64-9f36-2ed44f0a937c
critical	codex	Unprotected initializer enables full takeover and fund drain when not yet initialized	0xa9d1e08c7793af67e9d92fe308d5697fb81d3e43	$144,278,839.16	no	—	3 months ago	60ed7a90-3d7b-4616-abba-573f64440894
critical	codex	Unprotected v6 reinitializer allows arbitrary role assignment and escrow drain	0x07ddce60658a61dc1732cacf2220fce4a01c49b0	$0.54	no	—	3 months ago	bcd4586e-de87-48ab-b48b-5b7155755114
critical	codex	Unprotected initializer allows attacker to seize signer set and drain funds if uninitialized	0x0d424072d658e6abd92c36f8fc16fd6479ae15a0	$0.00	no	—	3 months ago	b7d05de1-6621-40c5-ac41-867be4e9149a
critical	codex	Unprotected initialize allows ownership takeover and collateral drain	0x817c51688c57ba79954e3063807128d61264acbf	$0.00	no	—	3 months ago	b83d9cb7-09ac-4e3f-afa9-1ff09b9e4430
critical	codex	Unprotected set_admin allows first caller to seize admin and drain all assets	0xb46adcd1ea7e35c4eb801406c3e76e76e9a46edf	$120,653.61	no	—	3 months ago	328cd4c7-d76b-47a7-b167-78e3f540fc39
critical	codex	Balance overwrite in `trade()` enables margin inflation and token drain	0xe883b3efdae637fc599b467478a23199778f2ccf	$0.00	no	—	3 months ago	3c0a61cc-d6d4-400c-9d03-c6477aef3dd7
critical	codex	Unprotected initializer lets attacker seize governorship and sweep collateral	0xf296b1113cc49ae4c6890e7b5dd3bed780407487	$0.00	no	—	3 months ago	a78d7adf-97d8-4219-b64c-a96e9aaf6364
critical	codex	Unprotected initializer lets attacker seize admin roles and drain borrowable stake	0xbe607a58206180fef691bf1b5ae9670174284388	$0.00	no	—	3 months ago	026f5e22-4c52-4371-8cca-df1aab8b9b96
critical	codex	Unprotected initialize enables full ownership takeover and fund drain	0x95ca2f7959f8848795dfb0868c1b0c59dd4e9330	$0.00	no	—	3 months ago	54a189c7-eb59-4516-a724-ee00cb577b26
critical	codex	Unprotected initializer lets anyone seize auctioneer role and upgrade to a draining master copy	0x2bae491b065032a76be1db9e9ecf5738afae203e	$0.00	no	—	3 months ago	4b8be3d2-a217-469b-8019-21ef3302b0a8
critical	codex	Unprotected initializer allows ownership takeover and full asset drain	0x0bc8c8212c0c74773671c4badb18999c2b07f3c6	$0.00	no	—	3 months ago	caf881a5-f3a8-4b00-b6b0-31c41e3b5ede
critical	codex	LP tokens can be reused to claim settlement assets multiple times	0xf6a8e47daeeddcce297e7541523e27df2f167bf3	$0.00	no	—	3 months ago	cc30122d-937e-4adf-b153-356118782e57
critical	codex	Unprotected initializer enables ownership takeover and ERC20 collateral drain	0x905d9368cf8a337c420bfb87705d2cdbb4e1c26a	$0.00	no	—	3 months ago	454b8231-54e3-4154-96fc-ae4c5d6e8e6a
critical	codex	Anyone can seize governance when authorities/governanceContract are unset	0xc664692f38d2528710edbb74f65db6599bc7dee6	$0.00	no	—	3 months ago	cb0e634a-87d9-4254-9a5c-e5cc62f645d9
critical	codex	Uninitialized deployment lets anyone become owner and drain all tokens	0xfc59ab348e0c0e789e914b0864f08cab98db1553	$0.00	no	—	3 months ago	ff932ff9-2ce9-490b-9514-dd6f80ed85c1
critical	codex	Unprotected initializer enables ownership/ISM takeover and forged mailbox messages to drain collateral	0x631953e16e8a57fc159e1fb1d92443c981b00770	$0.00	no	—	3 months ago	967eefc5-5d64-4367-893f-8979c65295be
critical	codex	trade() never updates currentBalances, enabling balance overwrite to mint margin	0xe883b3efdae637fc599b467478a23199778f2ccf	$0.00	no	—	3 months ago	59e6c0db-cd2a-48a8-a2c9-c925486bfb0b
critical	codex	Unprotected initializer enables proxy hijack and arbitrary withdrawals	0xe80b4e0ed5e92d865f4708eee0e1564287a7d848	$0.00	no	—	3 months ago	3ca0b6ef-0a57-4afb-8a98-1b588ddcf7cd
critical	codex	Unprotected migrateTo_3_3_0 lets attacker redirect USDC/USDT to a malicious interest implementation	0x8eb3b7d8498a6716904577b2579e1c313d48e347	$0.00	no	—	3 months ago	5373b42d-d0b8-4880-baf1-b7bff0ccb9fd
critical	codex	Unrestricted external initializer delegatecall enables proxy takeover and fund drain	0x8a4e51ff0f2a45899519e6049fb2d1f038be1e77	$0.00	no	—	3 months ago	8be6354b-23eb-41af-b543-f567f3434f60
critical	codex	Multicall delegatecalls let callers spoof immutable args (token addresses/scales), enabling asset drainage	0xad24fc773e125edb223c38a39657cb64bc7c178e	$152,873.52	no	—	3 months ago	0b182317-6fc8-49be-9b05-708e9dfa9460
critical	codex	Unprotected proxy initialization allows takeover of DutchExchange	0x039fb002d21c1c5eeb400612aef3d64d49eb0d94	$0.00	no	—	3 months ago	f48b1e81-4fa5-4c5d-a3aa-b4088c28d8f0
critical	codex	Unprotected initializer allows proxy takeover	0x2bae491b065032a76be1db9e9ecf5738afae203e	$0.00	no	—	3 months ago	a05c4fac-ff2e-4d67-b086-539db9c0a0b3
critical	codex	Unprotected initializer allows anyone to seize ownership and configure pool	0xf6a8e47daeeddcce297e7541523e27df2f167bf3	$0.00	no	—	3 months ago	90afe0c9-12a0-47b2-82ff-b59e5a092a6a
critical	codex	Unrestricted dispatcher initialize allows sub-contract takeover and arbitrary delegatecall	0x8c43c9bec15d82d153c52518030e0a9590abd35d	$0.00	no	—	3 months ago	3f64d8b1-7867-4b19-ac8a-e7491ef06aa9
critical	codex	Unsigned messages accepted when authority set is empty	0xc664692f38d2528710edbb74f65db6599bc7dee6	$0.00	no	—	3 months ago	fdefebf3-c8b5-4f78-bd33-56e8577739eb
critical	codex	Unprotected initializer allows arbitrary subcontract replacement and delegatecall execution	0x2c0df87e073755139101b35c0a51e065291cc2d3	$0.00	no	—	3 months ago	00827adf-489d-4605-a887-6e6ea5b81451
critical	codex	Unrestricted migrateTo_3_3_0 allows attacker-controlled interest implementation and token siphoning	0x8eb3b7d8498a6716904577b2579e1c313d48e347	$0.00	no	—	3 months ago	f4cc9992-10b3-41d9-89ef-eb26729f6005