Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
critical codex Unprotected initialize enables full ownership takeover and fund drain 0x95ca2f7959f8848795dfb0868c1b0c59dd4e9330 $0.00 no 3 months ago 54a189c7-eb59-4516-a724-ee00cb577b26
critical codex Unprotected initializer lets anyone seize auctioneer role and upgrade to a draining master copy 0x2bae491b065032a76be1db9e9ecf5738afae203e $0.00 no 3 months ago 4b8be3d2-a217-469b-8019-21ef3302b0a8
high codex Unprotected auction initialization allows admin/wallet hijack and theft of sale tokens 0x364b7e2d5b11b9d2016d232fa271d89d5e6065f1 $0.00 no 3 months ago f737e1d0-6060-4221-9bb6-8d056f16705e
high codex Donation-based share inflation enables zero-share deposits and theft of subsequent deposits 0xace74f217aef8085f328cc1d73757d913b7eea39 $0.00 no 3 months ago ae144725-31b7-4efd-af05-6da20a974622
critical codex Unprotected initializer allows ownership takeover and full asset drain 0x0bc8c8212c0c74773671c4badb18999c2b07f3c6 $0.00 no 3 months ago caf881a5-f3a8-4b00-b6b0-31c41e3b5ede
critical codex LP tokens can be reused to claim settlement assets multiple times 0xf6a8e47daeeddcce297e7541523e27df2f167bf3 $0.00 no 3 months ago cc30122d-937e-4adf-b153-356118782e57
critical codex Unprotected initializer enables ownership takeover and ERC20 collateral drain 0x905d9368cf8a337c420bfb87705d2cdbb4e1c26a $0.00 no 3 months ago 454b8231-54e3-4154-96fc-ae4c5d6e8e6a
high codex Reentrant redeem can double-withdraw later assets in multi-token vault 0x1cb489ef513e1cc35c4657c91853a2e6ff1957de $0.00 no 3 months ago 8c5b2b5d-90da-42b1-a8ff-785f9a741c38
critical codex Anyone can seize governance when authorities/governanceContract are unset 0xc664692f38d2528710edbb74f65db6599bc7dee6 $0.00 no 3 months ago cb0e634a-87d9-4254-9a5c-e5cc62f645d9
critical codex Uninitialized deployment lets anyone become owner and drain all tokens 0xfc59ab348e0c0e789e914b0864f08cab98db1553 $0.00 no 3 months ago ff932ff9-2ce9-490b-9514-dd6f80ed85c1
high codex Anyone can reset the reentrancy guard via initializePoolV2, enabling reward inflation in deposit 0xfc59ab348e0c0e789e914b0864f08cab98db1553 $0.00 no 3 months ago ff932ff9-2ce9-490b-9514-dd6f80ed85c1
critical codex Unprotected initializer enables ownership/ISM takeover and forged mailbox messages to drain collateral 0x631953e16e8a57fc159e1fb1d92443c981b00770 $0.00 no 3 months ago 967eefc5-5d64-4367-893f-8979c65295be
critical codex trade() never updates currentBalances, enabling balance overwrite to mint margin 0xe883b3efdae637fc599b467478a23199778f2ccf $0.00 no 3 months ago 59e6c0db-cd2a-48a8-a2c9-c925486bfb0b
high codex Unprotected reinitializer enables ownership takeover and forged withdrawals 0x2ccd5486ea1b2a52dcd387c01314f6a328f66cbb $0.00 no 3 months ago ea503cad-40e9-45b2-b499-15207ca468f7
critical codex Unprotected initializer enables proxy hijack and arbitrary withdrawals 0xe80b4e0ed5e92d865f4708eee0e1564287a7d848 $0.00 no 3 months ago 3ca0b6ef-0a57-4afb-8a98-1b588ddcf7cd
high codex Unprotected initialize enables treasury hijack on uninitialized ATokenInstance 0xb2668573828029917ffbd1e76270373511818498 $0.00 no 3 months ago 1dde14e9-bcb7-465f-803b-2ce787c6e2d9
critical codex Unprotected migrateTo_3_3_0 lets attacker redirect USDC/USDT to a malicious interest implementation 0x8eb3b7d8498a6716904577b2579e1c313d48e347 $0.00 no 3 months ago 5373b42d-d0b8-4880-baf1-b7bff0ccb9fd
critical codex Unrestricted external initializer delegatecall enables proxy takeover and fund drain 0x8a4e51ff0f2a45899519e6049fb2d1f038be1e77 $0.00 no 3 months ago 8be6354b-23eb-41af-b543-f567f3434f60
low codex Unchecked low-level CALL return value in external call helper 0xe6c185e666f805001744a37ed709431caff8ad62 $149,509.82 no 3 months ago f647bb59-39e9-4a04-ae07-3770254f3a02
critical codex Multicall delegatecalls let callers spoof immutable args (token addresses/scales), enabling asset drainage 0xad24fc773e125edb223c38a39657cb64bc7c178e $152,873.52 no 3 months ago 0b182317-6fc8-49be-9b05-708e9dfa9460
low codex `initialize` is permissionless and can be front‑run 0xad24fc773e125edb223c38a39657cb64bc7c178e $152,873.52 no 3 months ago 0b182317-6fc8-49be-9b05-708e9dfa9460
medium codex Share inflation via donations can force zero-share mints and steal deposits 0x597ad1e0c13bfe8025993d9e79c69e1c0233522e $147,885.30 no 3 months ago caf2eb8b-4431-40aa-b249-a01dc82d0abe
medium codex Claims allowed before distribution finalization can overpay early claimers and underpay others 0x2fc945d48a4d61ec988f8cabffbe6f1efe07137f $155,582.60 no 3 months ago 3f2d111a-7816-44d3-96e0-e2fb4bbf15b1
low codex Balance-delta accounting breaks for rebasing/deflationary tokens 0x2fc945d48a4d61ec988f8cabffbe6f1efe07137f $155,582.60 no 3 months ago 3f2d111a-7816-44d3-96e0-e2fb4bbf15b1
low codex Unchecked ERC20 transfer return value can mark claims as paid without transferring 0x2fc945d48a4d61ec988f8cabffbe6f1efe07137f $155,582.60 no 3 months ago 3f2d111a-7816-44d3-96e0-e2fb4bbf15b1
high codex Initializer callable by anyone enables takeover of uninitialized proxy 0x04ead25447f9371c5c1e2c33645f32aafeb337dc $0.00 no 3 months ago f87396ab-be81-49d8-86db-2ad77e0251d8
medium codex Rebalances lack on-chain oracle deviation checks; price manipulation can skew liquidity mint/burn amounts 0x04ead25447f9371c5c1e2c33645f32aafeb337dc $0.00 no 3 months ago f87396ab-be81-49d8-86db-2ad77e0251d8
medium codex Pool shutdown ignores failed gauge withdrawals, risking permanent LP lock 0x27921a5cc29b11176817bbf5d6bad83830f71555 $151,856.91 no 3 months ago b912235e-edd4-44f6-a11e-2efc7ec4cf2e
low codex EIP-1271 signature validation ignores signature bytes and relies solely on preapproved hashes 0x27921a5cc29b11176817bbf5d6bad83830f71555 $151,856.91 no 3 months ago b912235e-edd4-44f6-a11e-2efc7ec4cf2e
medium codex Rollover can be bricked by non-zero allowances due to safeApprove usage 0xb380162a6a68f37b07503ba1543d0e623bd81c3c $0.00 no 3 months ago 87395c2a-feff-4e13-a7b4-1e8f47140792
medium codex Share pricing and rollovers rely on untrusted IMM price conversions 0xb380162a6a68f37b07503ba1543d0e623bd81c3c $0.00 no 3 months ago 87395c2a-feff-4e13-a7b4-1e8f47140792
low codex Deposits credit the requested amount instead of the actual received amount 0xb380162a6a68f37b07503ba1543d0e623bd81c3c $0.00 no 3 months ago 87395c2a-feff-4e13-a7b4-1e8f47140792
medium codex Unprotected initializer lets anyone set an arbitrary interest rate (can DoS or misconfigure pools) 0x37d3a44c905663d7b77c9b574b941d4fbf713a91 $157,747.39 no 3 months ago 6bce16a7-166b-4e6e-9125-80042db25735
low codex ERC20 transfer return values are ignored in multiple flows 0x6bf15a530314d80baa5560539d7f327f3dbe0eec $0.00 no 3 months ago f38f9d46-f7d2-43c8-86c7-36df1df3905a
medium codex Blacklist bypass allows blacklisted holders to redeem/withdraw via requestRedeem or third-party instantRedeem 0x8e91d0c719d7d1c0e6cef764c2437744763f7283 $0.00 no 3 months ago c90b2943-76a6-46ae-b0e5-9947bd96c023
low codex Batch claim processing does not clear fee component from daily requirements 0x8e91d0c719d7d1c0e6cef764c2437744763f7283 $0.00 no 3 months ago c90b2943-76a6-46ae-b0e5-9947bd96c023
high codex Unprotected initialize lets anyone set pool interest rate 0xa2ffdc7efef98469d11370d91c0a17dc83ec2bda $161,822.91 no 3 months ago 006ad5b9-da71-47b0-b31d-5bb56d063f46
medium codex Interest accrual can revert for high rate * elapsed, freezing the pool 0xa2ffdc7efef98469d11370d91c0a17dc83ec2bda $161,822.91 no 3 months ago 006ad5b9-da71-47b0-b31d-5bb56d063f46
medium codex Unchecked JPGD transfers and 1:1 accounting enable balance desync with non-standard/fee tokens 0x05fc48447e0ac445042823dd36e3e4ed2ffdf6cb $162,389.70 no 3 months ago f76b99f1-db73-4dfa-bc73-036c64ae0326
low codex Owner-controlled vesting start can indefinitely lock staked JPGD after snapshot 0x05fc48447e0ac445042823dd36e3e4ed2ffdf6cb $162,389.70 no 3 months ago f76b99f1-db73-4dfa-bc73-036c64ae0326
low codex Owner can withdraw any token, breaking solvency for stakers/claimants 0x05fc48447e0ac445042823dd36e3e4ed2ffdf6cb $162,389.70 no 3 months ago f76b99f1-db73-4dfa-bc73-036c64ae0326
medium codex Blacklist bypass via redeem paths and approvals 0x8e91d0c719d7d1c0e6cef764c2437744763f7283 $0.00 no 3 months ago 7495aa02-8383-422c-8c74-0b63f8a7ce90
high codex Public supply functions let anyone move assets off the tracked provider, blocking withdrawals 0x83f798e925bcd4017eb265844fddabb448f1707d $159,466.24 no 3 months ago 25b64c9e-a9a5-474a-8faf-8e739aace6ae
medium codex Deposit can mint zero shares when pool>0 and totalSupply==0, permanently bricking new deposits 0x83f798e925bcd4017eb265844fddabb448f1707d $159,466.24 no 3 months ago 25b64c9e-a9a5-474a-8faf-8e739aace6ae
medium codex Signatures lack domain separation, enabling cross-contract/chain replay 0x717d0bf97ce58e14945f5e0320ee98381aeaddaf $0.00 no 3 months ago 0815ab6e-ac94-48f3-9332-fc564f6cd817
low codex Upgradeable implementation can be initialized directly 0x717d0bf97ce58e14945f5e0320ee98381aeaddaf $0.00 no 3 months ago 0815ab6e-ac94-48f3-9332-fc564f6cd817
medium codex Deposits credit the requested amount without verifying actual tokens received 0xb67d637b1301eeb56dba4555bbd15cd220f1aad6 $30,160.48 no 3 months ago fb8fd757-6def-433f-8414-4c2b5d1995b5
low codex Anyone can claim orders and choose the USD payout token, enabling bonus denial/griefing 0xb67d637b1301eeb56dba4555bbd15cd220f1aad6 $30,160.48 no 3 months ago fb8fd757-6def-433f-8414-4c2b5d1995b5
low codex Reward schedule can be set using staked principal or accrued rewards as backing 0xa17a8883da1abd57c690df9ebf58fc194edab66f $169,260.67 no 3 months ago f1cbd233-45c0-4ebf-9340-b7ed9fe4bae0
low codex Staking credits ignore actual received amount (fee-on-transfer token risk) 0xa17a8883da1abd57c690df9ebf58fc194edab66f $169,260.67 no 3 months ago f1cbd233-45c0-4ebf-9340-b7ed9fe4bae0