Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (Mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
high codex Nominal ERC20 accounting makes fee-on-transfer collateral tokens insolvent 0x849f4081899305a1fd24aac84db5174eb60dc28e $41,313.94 no 1 week ago 019d5666-7204-7199-9428-87c933f7acea
high codex `fillOffer` can be reentered before `filledAmount` is updated, allowing overfilled orders 0x849f4081899305a1fd24aac84db5174eb60dc28e $41,313.94 no 1 week ago 019d5666-7204-7199-9428-87c933f7acea
high codex Anyone can call post-dispatch hooks directly for the current latest message 0x15b5d6b614242b118aa404528a7f3e2ad241e4a4 $41,345.31 no 1 week ago 019d5666-71ff-7060-88f6-c0d2b403a889
high codex Permissionless initializers let the first caller seize control and mint supply 0x15b5d6b614242b118aa404528a7f3e2ad241e4a4 $41,345.31 no 1 week ago 019d5666-71ff-7060-88f6-c0d2b403a889
high codex Referrer field is never validated, enabling self-referral and cyclic referral farming 0x80c1c65463427ea785fb7b03ba84b91f49f272eb $41,641.82 no 1 week ago 019d5666-71d1-72c0-baeb-d50b2b87dd1a
high codex Strategy execution uses owner-controlled DELEGATECALL with full vault-storage authority 0x0376a35639dac611c49327426db9b342cdb553b8 $41,773.31 no 1 week ago 019d5666-71b0-70e9-ab1a-1f24cbe5b1c0
high codex Owner can sweep arbitrary ETH/ERC20 balances to itself 0x0376a35639dac611c49327426db9b342cdb553b8 $41,773.31 no 1 week ago 019d5666-71b0-70e9-ab1a-1f24cbe5b1c0
high codex ETH distribution accounting is never persisted, so crossing the payout threshold can brick subsequent purchases 0xda9f13722fef7a6357944622f583285da14c90a5 $41,788.00 no 1 week ago 019d5666-71a5-72ca-9f63-c22da967b9db
high codex Signed payloads are not bound to a specific fund instance 0xba4f097d22f283e619873f8e034755fc2e5a7c90 $41,846.47 no 1 week ago 019d5666-7189-71df-84df-536a07997697
high codex Admin-style sale controls are publicly callable 0xe8741a1e198d90cf125389062fdbb686d9d9ca3b $41,850.00 no 2 weeks ago 019d4522-9aae-7105-9df9-871e21f05153
high codex Unprotected proxy initializer allows market takeover 0xc06053fcad0a0df7cc32289a135bbea9030c010f $0.00 no 2 months ago 019c0eab-909f-728c-9614-1375a52b5654
high codex Computed DELEGATECALL targets reachable (potential arbitrary code execution in caller context) 0xd3f582f6b4814e989ee8e96bc3175320b5a540ab $0.00 no 2 months ago 019c0eab-41f8-709b-a0d5-a4b9b6478fe1
high codex Relayer refund can be reentered to withdraw multiple times 0x965983977c29158ec53a296a6f47be145ddecc36 $0.00 no 2 months ago 019c0ea9-e35a-710a-b93e-e2ba664180fb
high codex Initializer callable by anyone enables hostile bridge configuration 0x3203e813930bd710043c1d899fe38dd359307352 $0.00 no 2 months ago 019c0ea9-c986-7300-a119-1cc3848d4c55
high codex Authorization uses tx.origin 0x9dc55070584ca0a58cdfe98eeb32b9a48dc9885c $42,772.61 no 2 months ago 019c0ea9-09c2-7372-be3e-5cedc6bce266
high codex Predictable/manipulable randomness for winner and jackpot selection 0x51e9244bae3fca7473fe48651dfd7db53aa55856 $42,830.95 no 2 months ago 019c0ea9-09bb-708b-a5eb-c7330d8c9ab3
high codex Initializer is publicly callable, enabling admin takeover if proxy is left uninitialized 0xfcf8eda095e37a41e002e266daad7efc1579bc0a $43,190.99 no 2 months ago 019c0ea9-0991-73a8-9d8e-2bfc551e719c
high codex Orders are unauthenticated, allowing relays to execute arbitrary trades or penalties against any trader 0xfca6a62a11cd75ef6506c4973a67c5b2a3d8915f $43,264.41 no 2 months ago 019c0ea9-0976-7128-8854-e104b5d873b5
high codex Multi-bridge transfers do not enforce payload consistency across adapters 0xb0614316d1f45a5da4b09b198cb6cd8fb44bb47b $43,396.86 no 2 months ago 019c0ea9-0954-73b5-b34f-d86eee9f9728
high codex Unprotected initialize allows hostile takeover of escrow market 0xd01159af63c39ef4de125ac3baa940893e8009cd $43,400.00 no 2 months ago 019c0ea9-094d-71d5-afa7-e616ff0989ab
high codex Pool can be permanently bricked after endBlock due to underflow in reward calculation 0x8ba5325a98147d67e5ee09bb0273194c68512612 $43,534.33 no 2 months ago 019c0ea9-0936-7262-bcf9-9ef5de23bf57
high codex Oracle price used without freshness/validity checks enables share mispricing 0x3a43aec53490cb9fa922847385d82fe25d0e9de7 $43,555.55 no 2 months ago 019c0ea9-0919-70a6-b4c7-3e776897cc66
high codex Authorization relies on tx.origin 0xde527099f9ecf94a67bc94c676694453f6bda781 $43,810.73 no 2 months ago 019c0ea9-08e3-7163-96ac-fbbb435f09e3
high codex Proposal hash omits assetId, enabling cross-asset replay within the same vault 0x99571e95db76b5cbc986ad1044ac73a0a7a09e28 $43,892.15 no 2 months ago 019c0ea9-08cc-7154-a38a-1d2d33f60a5c
high codex Authorization relies on tx.origin 0xbf96042d61937b1686b81557c3a92806f1727ecf $44,386.81 no 2 months ago 019c0ea9-0840-7237-af59-7bfbb24d83fa
high codex Computed DELEGATECALL target reachable (potential arbitrary code execution) 0xe63dc0b48fd13c888661bfb30d7069823f967f03 $44,592.73 no 2 months ago 019c0ea9-080e-72a0-9742-9404d6ac7052
high codex `fusionPartTwo` is publicly callable and bypasses fusion checks/interval 0x3d3097cd94fec5dc823e5025a59438e63757dc79 $44,677.61 no 2 months ago 019c0ea9-07f4-701b-ab0c-54bbd630ab82
high codex Nonce marked after external call allows reentrant replay of the same signed transaction 0x4d307525b22897ca07af7e34079397f3d7ae60a2 $44,850.97 no 2 months ago 019c0ea9-07c1-72fc-b499-c22be17f1945
high codex Relayer refund can be reentered before balance reset, enabling repeated refunds 0x50c02710b06d6addb864d6b038010ef6fa1bcd92 $44,959.89 no 2 months ago 019c0ea9-07b9-70a2-acc1-0b6c38a3ac98
high codex Unrestricted initialize allows proxy takeover if not initialized atomically 0xad16edcf7deb7e90096a259c81269d811544b6b6 $45,074.25 no 2 months ago 019c0ea9-07a4-7162-9dd3-67d9c56c3671
high codex Unprotected initializer allows takeover of uninitialized proxy 0x2791bca1f2de4661ed88a30c99a7a9449aa84174 $45,414.08 no 2 months ago 019c0ea9-076e-7168-9503-51be12255f63
high codex Liquidation drains entire pool and leaves staking accounting unchanged 0x89f0112a9c75d987686c608ca1840f9c7344b7ff $45,478.09 no 2 months ago 019c0ea9-075d-712a-a36b-c3913c2d8471
high codex Whitelisted game can unilaterally drain any holder’s tokens/ETH via payWithToken 0x8942a5995bd168f347f7ec58f25a54a9a064f882 $45,751.27 no 2 months ago 019c0ea9-0729-710d-aaed-64fc4dafe23a
high codex Computed DELEGATECALL target reachable (arbitrary code execution risk) 0x62c9e5e52351e02635f48072fa20c03bb650f787 $0.00 no 2 months ago 019be3d9-53a8-71a4-b1a8-306d54433492
high codex MF_ONE valuation uses unvalidated oracle price for share minting and TVL 0x71ea0eb2605bd63fe69012a60c75bdbd22e8b3d3 $0.00 no 2 months ago 019be3d8-dab2-7125-9844-e6c896367631
high codex Relayer can finalize arbitrary transfers without on-chain validation 0xc973d09e51a20c9ab0214c439e4b34dbac52ad67 $0.00 no 2 months ago 019be3d7-52ed-7231-975b-72409c137e98
high codex Unprotected initializer allows takeover of uninitialized proxy/clone 0x387a294a2b92387cf46714faa537f1f81d50c210 $0.00 no 2 months ago 019be3d6-c7d2-72ca-99c8-428dc13e465f
high codex Intervals claimed only incremented by 1 enables repeated over-claims 0x6097a40e38fa1aeea072babfaadea1f513e970a8 $0.00 no 2 months ago 019be3d6-b2a2-72f8-8ed2-aa2958ed78a5
high codex Spot Uniswap reserves used as price oracle enable manipulation of collateral and liquidations 0xe3fef783783f97c7647c1f108d1c561e5ec13f92 $46,280.85 no 2 months ago 019be3d6-8551-7286-84a9-a94929610231
high codex Computed DELEGATECALL targets enable arbitrary code execution if attacker-influenced 0x10314a9f673476f313a598778fea9cb694856500 $46,500.00 no 2 months ago 019be3d6-8525-715e-9ddd-0261e6dd9327
high codex Reentrancy in Collect allows draining more than balance 0xd84d16fc96cc69a21199454ed615c8bc66fb4026 $46,503.83 no 2 months ago 019be3d6-84e5-71ba-9f6c-009acf5f51d8
high codex SELFDESTRUCT sends funds to CALLER 0x30689375f7ae75fb85d3a9cb7058ff231dd9f91c $46,862.02 no 2 months ago 019be3d6-8492-73c8-8ec4-edb49b23a550
high codex Royalty accounting lets newly minted tokens claim past rewards 0x147aa9ada01b70c4c8c8b89b06afe767908aced7 $46,931.90 no 2 months ago 019be3d6-8480-72cd-9e22-b654093a3ebf
high codex Authorization based on tx.origin 0xabfec10802e69a5d63ec954bf16a9bdafb4590b9 $47,366.70 no 2 months ago 019be3d6-83d0-7125-a47e-4da78d411734
high codex Relayer can finalize arbitrary transfers without proof or fee verification 0xdbf24caff1470a6d08bf2ff2c6875bafc60cf881 $48,695.70 no 2 months ago 019be3d6-828a-71dc-80f1-1fb633b503be
high codex LAST_SUPPLY is reset instead of incremented, enabling repeated withdrawals of the same tranche 0xe617f1722955706bc487257439d9d61fd3a991a4 $49,600.00 no 2 months ago 019be3d6-81eb-73d7-8def-05c4bf0dd337
high codex ERC4626-style share inflation lets early depositor steal later deposits 0x15a86c79665b61a5747563d83aed3337821a8a79 $50,444.35 no 3 months ago 019bb50b-e0f2-711c-aedb-1c48d3e2f46f
high codex ERC721 withdrawals ignore egg membership, enabling theft of other eggs’ NFTs 0x3dfcb488f6e96654e827ab2ab10a463b9927d4f9 $50,542.40 no 3 months ago 019bb50b-e0d1-731c-aff5-13e0ff6392b6
high codex claimCreature can be called repeatedly to mint unlimited creatures per egg 0x3dfcb488f6e96654e827ab2ab10a463b9927d4f9 $50,542.40 no 3 months ago 019bb50b-e0d1-731c-aff5-13e0ff6392b6
high codex Unprotected initializer allows operator takeover 0x0b9f13ffab8448089f50073cf24bbe5c7bd8675a $0.00 no 3 months ago 019bb491-169f-736c-a71d-6f79af8f0433