Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (Mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
medium codex Low-level external calls ignore success and are followed by accounting writes 0x97afa00f26e66bf96a7338e67ee945d1f3080b78 $1,703.78 no 1 week ago 019b3836-3d20-71d0-bbc3-03d9ecb53393
medium codex Core identity and payout logic are bound to tx.origin rather than the actual caller 0x97afa00f26e66bf96a7338e67ee945d1f3080b78 $1,703.78 no 1 week ago 019b3836-3d20-71d0-bbc3-03d9ecb53393
medium codex Allowance overwrite race in `approve` and `approveAndCall` 0x89d64bc7e46bdc49a89652ae9bb167418cbad62e $0.00 no 1 week ago 019b3836-3d2f-7228-a456-cb5fe5dd8c99
low codex `totalSupply()` is tied to raw ETH balance, so forced ETH can desynchronize accounting 0x89d64bc7e46bdc49a89652ae9bb167418cbad62e $0.00 no 1 week ago 019b3836-3d2f-7228-a456-cb5fe5dd8c99
high codex Payout phase appears reenterable before round state is cleared 0xe724bf992be1849f3891ed0656c31d5096ea8862 $0.03 no 1 week ago 019b3836-3d36-73b6-80fd-0641ca3adbb2
high codex ETH transfers ignore CALL success and continue mutating state 0xe724bf992be1849f3891ed0656c31d5096ea8862 $0.03 no 1 week ago 019b3836-3d36-73b6-80fd-0641ca3adbb2
medium codex Winner selection relies on blockhash/timestamp entropy that can be biased 0xe724bf992be1849f3891ed0656c31d5096ea8862 $0.03 no 1 week ago 019b3836-3d36-73b6-80fd-0641ca3adbb2
high codex Queued payout is sent before the entry is marked paid 0xf767fca8e65d03fe16d4e38810f5e5376c3372a8 $620.00 no 1 week ago 019b3836-3d4a-716f-9c1a-88a7ebc5859e
medium codex Payout accounting advances even if the ETH transfer fails 0xf767fca8e65d03fe16d4e38810f5e5376c3372a8 $620.00 no 1 week ago 019b3836-3d4a-716f-9c1a-88a7ebc5859e
critical codex Unprotected ownership assignment lets any caller seize privileged control 0xc07ec6b6e3783b6855d000e104e44b3f86bbfc22 $62.00 no 1 week ago 019b3836-39ba-7004-a435-a288b804611b
high codex Unchecked low-level ETH payouts can silently fail while accounting still advances 0xc07ec6b6e3783b6855d000e104e44b3f86bbfc22 $62.00 no 1 week ago 019b3836-39ba-7004-a435-a288b804611b
medium codex Allowance accounting is nonstandard and can break ERC20 approval invariants 0xa5cafcf5a58c1b5f9c2b9c7d904fce3585a2d2c0 $310.00 no 1 week ago 019b3836-39c4-7362-8ad4-f82efcfdfaf7
low codex `approveAndCall` performs an untrusted callback after writing approval state 0xa5cafcf5a58c1b5f9c2b9c7d904fce3585a2d2c0 $310.00 no 1 week ago 019b3836-39c4-7362-8ad4-f82efcfdfaf7
high codex Payout loop performs external ETH send before advancing queue/accounting state 0x79c039d075bc3b86a7df63ebbe55fbc642b5220f $840.10 no 1 week ago 019b3836-39d7-7001-a2ca-2321dc5d26da
medium codex Unchecked low-level ETH sends can silently desynchronize internal accounting from actual transfers 0x79c039d075bc3b86a7df63ebbe55fbc642b5220f $840.10 no 1 week ago 019b3836-39d7-7001-a2ca-2321dc5d26da
medium codex Refund and payout paths use unchecked low-level CALLs 0x33b202966bef633b952747c4955e404a0011fc63 $289.18 no 1 week ago 019b3836-39f1-72d0-8749-e1e69dbd631b
medium codex Oracle callback appears to ignore the request id and operate on global state 0x33b202966bef633b952747c4955e404a0011fc63 $289.18 no 1 week ago 019b3836-39f1-72d0-8749-e1e69dbd631b
high codex Ignored CALL results let failed transfers silently corrupt accounting 0xbe46324018124b2d604c2f3eae91d3de9b388b09 $226.69 no 1 week ago 019b3836-39fd-7343-8d00-88249f6d3014
high codex Participant payout calls an untrusted recipient before advancing the payout cursor 0xbe46324018124b2d604c2f3eae91d3de9b388b09 $226.69 no 1 week ago 019b3836-39fd-7343-8d00-88249f6d3014
medium codex Inferred beneficiary fee sweep is reentrant until the fee balance is cleared 0xbe46324018124b2d604c2f3eae91d3de9b388b09 $226.69 no 1 week ago 019b3836-39fd-7343-8d00-88249f6d3014
medium codex Approval accounting is cumulative and can permanently brick future approvals for a spender 0xb8b1a141a0307667042b2b937c52884b19801dfd $31.00 no 1 week ago 019b3836-37c1-705c-9971-0d72c6032c76
low codex `approveAndCall` grants allowance before an untrusted external callback 0xb8b1a141a0307667042b2b937c52884b19801dfd $31.00 no 1 week ago 019b3836-37c1-705c-9971-0d72c6032c76
medium codex Backend CALL return data is decoded without length or interface validation 0xc66ea802717bfb9833400264dd12c2bceaa34a6d $159,713.70 no 1 week ago 019b3836-37bb-71d2-9811-79d9de3d6ebf
medium codex Privileged authority is coupled to the live external backend 0xc66ea802717bfb9833400264dd12c2bceaa34a6d $159,713.70 no 1 week ago 019b3836-37bb-71d2-9811-79d9de3d6ebf
critical codex Anyone can seize the privileged owner slot 0xe82719202e5965cf5d9b6673b7503a3b92de20be $12,468.87 no 1 week ago 019b3836-3447-7312-aaa5-39b079e8086c
high codex Payout call to user-controlled recipient happens before payout state is cleared 0xe82719202e5965cf5d9b6673b7503a3b92de20be $12,468.87 no 1 week ago 019b3836-3447-7312-aaa5-39b079e8086c
medium codex ETH transfer results are ignored while bookkeeping still changes 0xe82719202e5965cf5d9b6673b7503a3b92de20be $12,468.87 no 1 week ago 019b3836-3447-7312-aaa5-39b079e8086c
medium codex Withdrawal-like path decrements storage before CALL and ignores CALL failure 0xa3d4d7df3988d48c48728787cb5910a8a4cc4d26 $0.00 no 1 week ago 019b3836-37ce-7111-83e9-98179b7a225d
medium codex External CALLs occur before later state writes in selectors 0x615664ba/0x6b1cb549 0xa3d4d7df3988d48c48728787cb5910a8a4cc4d26 $0.00 no 1 week ago 019b3836-37ce-7111-83e9-98179b7a225d
medium codex `allowance()` appears to report gross approved amount, not remaining spendable allowance 0x3e485b680d8dff45e7d7880490ebe5514d369797 $31.00 no 1 week ago 019b3836-37c7-73c3-8dfa-3e196246c127
low codex Approval callback entrypoint performs an unguarded external CALL after approval state is written 0x3e485b680d8dff45e7d7880490ebe5514d369797 $31.00 no 1 week ago 019b3836-37c7-73c3-8dfa-3e196246c127
medium codex `allowance()` appears to report approved ceiling, not remaining spendable allowance 0x11dead58e5a21e6e46594fab6cd12e0a40de5e6a $3.10 no 1 week ago 019b3836-361b-70a4-9b0e-3b9627dda5c8
low codex Approval callback performs a full-gas external call after writing approval 0x11dead58e5a21e6e46594fab6cd12e0a40de5e6a $3.10 no 1 week ago 019b3836-361b-70a4-9b0e-3b9627dda5c8
low codex `transfer(address,uint256)` is non-standard and appears to return no boolean 0x5a165b5223200a52a2e0286742aec6ab0e47bd93 $310.00 no 1 week ago 019b3836-34c1-7252-95ba-17c0617412e1
low codex Contract accepts ETH but bytecode shows no recovery path, so sent ETH can be trapped 0x5a165b5223200a52a2e0286742aec6ab0e47bd93 $310.00 no 1 week ago 019b3836-34c1-7252-95ba-17c0617412e1
low codex Fallback silently accepts ETH and unknown selectors 0x59e584653fc41fe9a0780c754ae5bcbc950f0269 $3,100.00 no 1 week ago 019b3836-352d-7269-a56d-dfd328dac9e7
low codex `allowance()` appears to return the approval cap, not the remaining spendable allowance 0xddda8fb5460883e68854d62d1eff8046a28c0352 $15.50 no 1 week ago 019b3836-3552-7107-8e60-11c183a7fd83
medium codex `allowance()` appears to expose total approved amount while `transferFrom()` enforces a separate cumulative-spend counter 0x01b25d1f778930769653ffabcd7e7afee0cdc84b $248.00 no 1 week ago 019b3836-3555-70ef-8007-1b2c005df2ea
low codex Fallback path appears payable and silently succeeds, which can trap ETH in the token contract 0x01b25d1f778930769653ffabcd7e7afee0cdc84b $248.00 no 1 week ago 019b3836-3555-70ef-8007-1b2c005df2ea
low codex Legacy silent-success semantics can mislead integrations 0x08b54d4f5877ee091e31e92523b9791df9efce93 $12.40 no 1 week ago 019b3836-356e-733b-b631-4f1e1b0cfb47
low codex Contract appears to accept ETH but exposes no visible recovery path 0x08b54d4f5877ee091e31e92523b9791df9efce93 $12.40 no 1 week ago 019b3836-356e-733b-b631-4f1e1b0cfb47
critical codex Legacy constructor-like initializer is still publicly callable and can mint balances 0x080781e41bbd4402a8b9f07df187b7391d707de7 $217.00 no 1 week ago 019b3836-35bd-7032-b1d3-60862afc5118
medium codex Allowance accounting is split across two mappings, so `allowance()` likely reports the approved cap, not remaining spendable amount 0x080781e41bbd4402a8b9f07df187b7391d707de7 $217.00 no 1 week ago 019b3836-35bd-7032-b1d3-60862afc5118
medium codex Allowance is written before an untrusted callback-style external CALL 0xaf04889fcd67560580b0dc544566e93743652020 $31.00 no 1 week ago 019b3836-35cc-723a-bcf6-7567ef2a2215
low codex Callback success is checked only at the CALL bit level; hook execution is not semantically validated 0xaf04889fcd67560580b0dc544566e93743652020 $31.00 no 1 week ago 019b3836-35cc-723a-bcf6-7567ef2a2215
high codex Selector 0xa9059cbb appears to grant authorization and invoke a callback instead of performing an ERC20 transfer 0x5fa85a5d220be1391eaeb66542f7e0afd6e461a9 $31.00 no 1 week ago 019b3836-35f6-70f6-b91f-9db2da6f60d7
medium codex Approval/callback path performs external CALL after state mutation with no detected guard 0x5fa85a5d220be1391eaeb66542f7e0afd6e461a9 $31.00 no 1 week ago 019b3836-35f6-70f6-b91f-9db2da6f60d7
critical codex Public unguarded initializer-like function can assign caller balance and rewrite token metadata 0xd7e021cd9096cc0ca642828c1045eb10c6b1ff2e $31.00 no 1 week ago 019b3836-360e-730b-adcd-d15852dc100d
low codex `allowance()` reports a gross approval ceiling, while `transferFrom` enforces a cumulative spent-allowance model 0x45ea918d9ca185aa54cc63ea0809ebd355a0935d $310.00 no 1 week ago 019b3836-3613-70ee-858a-687d59285edf
critical codex Public constructor-like function lets any caller mint/reset token state 0x2bf4a701470dfe06babd313926a1ebcdcd5806c1 $0.31 no 1 week ago 019b3836-3278-73cd-b85f-dc1b759c448b