TW
Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings
2,205
crit 60 high 1157
All Findings
46,184
Across all runs
Chain
1
Mainnet focus
Signal Mix
24239
high severity in results
Findings
filter + triage
Reset
Quick filters: candidate lane confirmed only critical high detector codex
Severity Tool Title Address Value USD Validated Confirmed Found Run
high codex Unprotected initializer lets attacker seize ownership and drain an uninitialized WorkLockPoolingContract 0xb9a42d02300f71ca23a100864fef2d5f82f7f833 $0.00 no 3 months ago b00078b8-5707-459e-bc53-8181625ba80b
high codex Late-buy launch-fund sniping allows capture of accumulated prelaunch dividends 0xe01e2a3ceafa8233021fc759e5a69863558326b6 $327,031.26 no 3 months ago 2265ad84-b13f-4a4d-8194-e5ed07374046
high codex Settler can mint WOLK to self in settleSeller without balance debit, then drain ETH via sellWolk 0x728781e75735dc0962df3a51d7ef47e798a7107e $332,552.87 no 3 months ago 5483ecc5-bdc1-4a5d-b18c-7e50f97f968e
critical codex Canceled-mode payback does not persist account updates, enabling unlimited repeated withdrawals 0xa33c4a314faa9684eeffa6ba334688001ea99bbc $337,218.84 no 3 months ago 9372adcb-18e9-434e-8e91-6dd4039515e2
high codex Phantom ERC20 deposits enable trading fake balances for real assets 0x373c55c277b866a69dc047cad488154ab9759466 $382,415.50 no 3 months ago 58a5a56b-8358-4516-9f42-50181b41b98b
high codex Uncapped vesting math lets a payee drain all funds after vesting completes 0x02874867a6d48713d9cf275b7324b790e9c1f7ee $381,502.31 no 3 months ago c9e2ed6f-0694-4735-963b-c9651c1e9ab6
critical codex USDT transferFrom/transfer return values ignored, enabling fake deposits and pooled USDT withdrawal 0x6f35a5e6a7301627a090822895e5e7209ed72f77 $400,489.31 no 3 months ago ce59d179-7b6b-44f3-a1f7-22805cde84e2
critical codex Unprotected initialize enables proxy hijack and full ETH drain 0x91630f5e28f1f30067b92a8d9d7b8e836afddf9b $0.00 no 3 months ago 24348e6d-d2c2-4182-b020-1b80c138a33b
critical codex Unprotected initialize enables proxy hijack and ETH/ERC20 drain 0xeee6207d514c2845394b5f4b9f12b6d155f4524b $0.00 no 3 months ago 07e0721c-c079-4dc1-be4b-4e123bb0d340
critical codex Unprotected initializer enables ownership takeover and collateral drain via rebalance 0x522a1bc31fa8d9421c29506d4e600aecefaa1b7d $0.00 no 3 months ago 32c00cf5-d812-497b-98d4-d7d523f95e8a
medium codex ETH purchases spend OptionsExchange’s own balance (no msg.value check) 0xde34d5e3f942b4543c309a0fb0461497e72c793c $589,155.82 no 3 months ago 1d90d876-5b62-4dc6-83d3-3dc515b7cc9f
critical codex Unprotected initialize allows proxy takeover and unlimited minting 0x9e021c9607bd3adb7424d3b25a2d35763ff180bb $0.00 no 3 months ago e0b6a8c2-69a3-42d6-9367-2fd03f2174f9
medium codex initializeV2_1 lets anyone sweep the contract’s own token balance 0x9e021c9607bd3adb7424d3b25a2d35763ff180bb $0.00 no 3 months ago e0b6a8c2-69a3-42d6-9367-2fd03f2174f9
high codex Arbitrary caller can drain any existing allowance by crafting grants 0x27321f84704a599ab740281e285cc4463d89a3d5 $726,697.96 no 3 months ago 99652185-f97f-481e-ba06-fdb49250a93c
critical codex TokenGrant.receiveApproval allows arbitrary grant creation using victims’ allowances, enabling immediate token theft 0xa7d9e842efb252389d613da88eda3731512e40bd $801,526.50 no 3 months ago 27854931-6298-47ab-a143-fe61a05b0147
high codex Unprotected Chainlink feed initialization enables malicious oracle and governance takeover to drain ETH 0x6f6e72033ca61c3e5f8b3dbdf85a53ad0a736ed5 $0.00 no 3 months ago d7018378-90c4-46b6-a672-58cf2cad3803
critical codex Public verifyState delegates to attacker-controlled target during upgrades, enabling arbitrary code execution and token drain 0xe9778e69a961e64d3cdbb34cf6778281d34667c2 $902,684.34 no 3 months ago 9669f033-142c-498f-a5e9-51ea916b6a54
high codex Flash-loan price manipulation drains ETH via zero-slippage publicSwap 0xaba513097f04d637727fdcda0246636e0d5d6833 $1,079,543.20 no 3 months ago 97cd6cda-535b-4091-acff-4edb553a0399
high codex Share inflation via direct donations lets the first depositor steal later deposits 0x35ffd6e268610e764ff6944d07760d0efe5e40e5 $1,385,920.03 no 3 months ago fb399128-ba48-4197-80c8-ca2078ffb9c9
high codex EIP712 domain omits chainId and verifying contract, enabling cross-contract order replay 0x241e82c79452f51fbfc89fac6d912e021db1a3b7 $2,288,604.15 no 3 months ago 0125e957-6d16-4951-9544-c9f5d3c64088
high codex Unprotected initialization allows anyone to seize ownership and drain funds if not yet initialized 0x14a635549fc5d087d39a0cd1339345b8b8c6fdba $6,290,639.88 no 3 months ago b7ce8ac8-0ea4-495f-80fb-6e8e679e5468
high codex Unprotected V3 reinitializer lets attacker become admin, swap chain-state verifier, and forge withdrawals 0x2c4df10a82cf077122ed99573aca6dacd76f2e67 $0.00 no 3 months ago 6b74e541-cb40-41fa-b381-0ac9cd0774ee
high codex Rounding-up in deposits lets dust mint full shares and drain accrued rewards 0xaeae7d602b537b2065f3da05dcce754fb23a968d $0.00 no 3 months ago d56f910c-3d71-409c-894a-2f145cc856af
critical codex Unprotected finalizeUpgrade_v2 enables LidoLocator hijack and buffered ETH theft 0x17144556fd3424edc8fc8a4c940b2d04936d17eb $0.00 no 3 months ago 5759b91b-cd68-448d-8e43-52ec0688cfdf
critical codex Unprotected initializeV5 allows attacker to seize migrator role and whitelist a drain recipient 0x5019d41b0737e39b51fd6da4859f3e27579e4e69 $0.00 no 3 months ago 398a83a4-3714-43fd-b57b-b5205efcfca4
critical codex Unprotected initialize lets attacker overwrite subContracts and execute arbitrary delegatecall logic 0xdf2f24751f7e84ccdcd39e7b49904fab0fb0f583 $0.00 no 3 months ago d7530101-36b1-4fae-8f33-0dec08c21c66
critical codex Unprotected initialize allows exchange takeover and full fund drain 0x674bdf20a0f284d710bc40872100128e2d66bd3f $12,345,678.95 no 3 months ago 83c46581-935d-4c5c-8596-6954c0074eb5
medium codex Floor rounding on share burn allows zero-share liquidations that drain yield 0xf113bfd6423291b1dd2ca76f897bff54456e7c88 $0.00 no 3 months ago 3430da73-4891-4fc2-bd51-e14bb3caa70e
critical codex Unprotected initialize lets an attacker set a fake messenger and drain the bridge 0xa0cfe8af2ab5c9232714647702dbacf862ea4798 $0.00 no 3 months ago 0fb93155-944c-4ca8-9339-4f05dc1ba13c
high codex First depositor share inflation can zero‑mint later deposits and steal their ABR 0xbbbd1bbb4f9b936c3604906d7592a644071de884 $14,867,814.55 no 3 months ago dbcf5643-b21f-40b3-a143-69185d9bdf76
high codex Replayable owner signatures due to missing domain separation in transaction hash 0x7da82c7ab4771ff031b66538d2fb9b0b047f6cf9 $31,881,464.38 no 3 months ago 2777b685-b8a7-47d0-87a2-7c35425b4f1b
high codex Phantom token deposits via malicious ERC20 let attacker trade unbacked balances for real assets 0x8d12a197cb00d4747a1fe03395095ce2a5cc6819 $47,393,993.66 no 3 months ago c0d05ecc-5a14-4ce1-9cc4-2b103799055d
critical codex Unrestricted EIC delegatecall in initialize enables arbitrary code execution and fund drain 0x95ff25a59dc9c5a41cf0709dc916041e5dc7fd95 $0.00 no 3 months ago cd9a2c6e-802a-4f64-9f36-2ed44f0a937c
high codex executeTxWithPermits allows reentrant double-execution of the same transaction 0x471756ad2124b04dc1c5c364ee6a9e29f8c3f67a $0.00 no 3 months ago 48761642-a2bb-4ad0-8c2c-796509a9987b
critical codex Unprotected initializer enables full takeover and fund drain when not yet initialized 0xa9d1e08c7793af67e9d92fe308d5697fb81d3e43 $144,278,839.16 no 3 months ago 60ed7a90-3d7b-4616-abba-573f64440894
critical codex Unprotected v6 reinitializer allows arbitrary role assignment and escrow drain 0x07ddce60658a61dc1732cacf2220fce4a01c49b0 $0.54 no 3 months ago bcd4586e-de87-48ab-b48b-5b7155755114
critical codex Unprotected initializer allows attacker to seize signer set and drain funds if uninitialized 0x0d424072d658e6abd92c36f8fc16fd6479ae15a0 $0.00 no 3 months ago b7d05de1-6621-40c5-ac41-867be4e9149a
critical codex Unprotected initialize allows ownership takeover and collateral drain 0x817c51688c57ba79954e3063807128d61264acbf $0.00 no 3 months ago b83d9cb7-09ac-4e3f-afa9-1ff09b9e4430
critical codex Unprotected set_admin allows first caller to seize admin and drain all assets 0xb46adcd1ea7e35c4eb801406c3e76e76e9a46edf $120,653.61 no 3 months ago 328cd4c7-d76b-47a7-b167-78e3f540fc39
critical codex Balance overwrite in `trade()` enables margin inflation and token drain 0xe883b3efdae637fc599b467478a23199778f2ccf $0.00 no 3 months ago 3c0a61cc-d6d4-400c-9d03-c6477aef3dd7
high codex Replayable signed transactions (no nonce/used-hash tracking) allow repeated withdrawals 0x135bbbf1903c61fa25596ee4e27b8f14ed968c04 $123,361.40 no 3 months ago e55a7ac9-46dc-47cb-8fd2-309875709a55
high codex Plaintext answer exposure lets any EOA drain the full balance 0x821ab5215e7970480d1d9c145632e5c15d3b8bbb $0.00 no 3 months ago da09a895-da60-46f6-92dd-2d365b3161b9
high codex Reverted blocks keep stale pendingWithdrawCommits, enabling withdrawals from invalid transitions 0xf86fd6735f88d5b6aa709b357ad5be22cedf1a05 $124,833.69 no 3 months ago 7cf066a0-1657-4bcb-bb21-4badff1e973d
high codex Answer leakage via Start calldata lets anyone claim the full balance 0xa46c2b718adfff25098417ad0b5d208c832260b1 $0.00 no 3 months ago 021898af-49a7-4060-b9dc-ad1f1631fb5b
high codex First-depositor share inflation via pre-deposit donation (rounding allows value extraction from later deposits) 0x8e91d0c719d7d1c0e6cef764c2437744763f7283 $0.00 no 3 months ago 469feb27-7bd0-46d7-9fdc-ae3a5830bb40
medium codex Pending withdrawal fees are not reserved until claim, allowing LPs to reclaim them via instant redemption 0x8e91d0c719d7d1c0e6cef764c2437744763f7283 $0.00 no 3 months ago 767cc303-78e9-4eed-93ad-02ea1836c1d3
critical codex Unprotected initializer lets attacker seize governorship and sweep collateral 0xf296b1113cc49ae4c6890e7b5dd3bed780407487 $0.00 no 3 months ago a78d7adf-97d8-4219-b64c-a96e9aaf6364
critical codex Unprotected initializer lets attacker seize admin roles and drain borrowable stake 0xbe607a58206180fef691bf1b5ae9670174284388 $0.00 no 3 months ago 026f5e22-4c52-4371-8cca-df1aab8b9b96
high codex Reentrant token transfer allows repeated withdrawals before balance update 0x039fb002d21c1c5eeb400612aef3d64d49eb0d94 $0.00 no 3 months ago 9c711161-870e-44a5-9dec-202386f236a2
medium codex Blacklisted holders can still redeem underlying via requestRedeem/instantRedeem 0xf2cd14f02b4fdc0d26681fbc7f60a11b8378f96d $0.00 no 3 months ago f8c17a8c-6af1-4eab-9c8d-d6d4b5f9b4a8