TW
Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings
2,205
crit 60 high 1157
All Findings
46,184
Across all runs
Chain
1
Mainnet focus
Signal Mix
24239
high severity in results
Findings
filter + triage
Reset
Quick filters: candidate lane confirmed only critical high detector codex
Severity Tool Title Address Value USD Validated Confirmed Found Run
low codex Chainlink answeredInRound not checked in price fetch 0xfd6db5011b171b05e1ea3b92f9eacaeeb055e971 $362,528.08 no 3 months ago b806a3f0-ce94-4e32-977e-bb6d911ba46b
medium codex adjust() trusts caller-supplied collateral amount, enabling undercollateralized minting with fee-on-transfer tokens 0x49c431454c40ecbf848096f2753b2abc3a699a10 $0.00 no 3 months ago d1e28cbb-a34f-4498-94e3-2391c9e61ac5
medium codex Uninitialized clones allow anyone to pass onlyOwner/ownerOrRoller checks 0x49c431454c40ecbf848096f2753b2abc3a699a10 $0.00 no 3 months ago d1e28cbb-a34f-4498-94e3-2391c9e61ac5
low codex ERC20 transfer/transferFrom return values are unchecked 0x49c431454c40ecbf848096f2753b2abc3a699a10 $0.00 no 3 months ago d1e28cbb-a34f-4498-94e3-2391c9e61ac5
medium codex Unprotected initializer allows takeover of uninitialized proxy modules 0x04ead25447f9371c5c1e2c33645f32aafeb337dc $0.00 no 3 months ago 4fbb62c4-4aab-4014-9fcc-2c357684d5a5
medium codex Shares minted on nominal deposit amount allow inflation with fee-on-transfer/rebasing tokens 0xace74f217aef8085f328cc1d73757d913b7eea39 $0.00 no 3 months ago f114d8d4-0fbe-4ad5-b83e-757493d1dc7d
low codex Upgrade scheduling lacks validation of implementation address 0xace74f217aef8085f328cc1d73757d913b7eea39 $0.00 no 3 months ago f114d8d4-0fbe-4ad5-b83e-757493d1dc7d
low codex doHardWorkWithoutRebalance resets totalInvested, breaking accounting and fee calculations 0xace74f217aef8085f328cc1d73757d913b7eea39 $0.00 no 3 months ago f114d8d4-0fbe-4ad5-b83e-757493d1dc7d
medium codex Fee-on-transfer/rebasing tokens can desync accounting and make withdrawals insolvent 0x38d43a6cb8da0e855a42fb6b0733a0498531d774 $321,629.01 no 3 months ago 4d2430de-9b62-4280-b240-500b58b1688c
high codex Unprotected initialize allows ownership takeover 0x0bc8c8212c0c74773671c4badb18999c2b07f3c6 $0.00 no 3 months ago 4bfc085c-4949-4583-ba5f-ccaa37b0cce6
high codex Signed execution appears replayable (no nonce/used-hash storage) 0x3ef1c8133d80665ec873ac41e152dda3251a7606 $389,012.80 no 3 months ago c73bdf6c-5147-4fd5-ad47-f180be523585
medium codex Slot0 can be set by anyone if it is zero (initializer-style bypass) 0x3ef1c8133d80665ec873ac41e152dda3251a7606 $389,012.80 no 3 months ago c73bdf6c-5147-4fd5-ad47-f180be523585
low codex ECDSA malleability not checked (no v/s validation) 0x3ef1c8133d80665ec873ac41e152dda3251a7606 $389,012.80 no 3 months ago c73bdf6c-5147-4fd5-ad47-f180be523585
medium codex Auto-accept uses unadjusted bid amount and skips bid validation 0xe5bfab544eca83849c53464f85b7164375bdaac1 $394,848.32 no 3 months ago 3fa187e1-76d0-4757-95f2-cd89d189d08b
medium codex Batch liquidations use potentially stale prices/interest for eligibility checks 0xefdf5ccc12d8cff4a7ed4e421b95f8f69cf2f766 $0.00 no 3 months ago 882b3f33-ba07-4c93-8fb6-781332075158
medium codex Reentrant reward claims can double-spend `rewardTokenAccrued` 0xefdf5ccc12d8cff4a7ed4e421b95f8f69cf2f766 $0.00 no 3 months ago 882b3f33-ba07-4c93-8fb6-781332075158
medium codex Initializer callable by anyone if proxy is left uninitialized 0xd899ac9283a44533c36bc8373f5c898b0d5fc03e $0.00 no 3 months ago b479bfda-eb37-43d5-85e2-1aa5c65f698f
low codex Deposits assume 1:1 transfers, enabling under-collateralization with fee-on-transfer tokens 0xd899ac9283a44533c36bc8373f5c898b0d5fc03e $0.00 no 3 months ago b479bfda-eb37-43d5-85e2-1aa5c65f698f
high codex Keeper-controlled currentBalance can arbitrarily skew pricePerShare and queued withdrawals 0xf3b466f09ef476e311ce275407cfb09a8d8de3a7 $390,642.76 no 3 months ago bb4cd4e4-bb89-4d72-9bad-ab081d2ed309
medium codex Owner can change vault asset/decimals mid-flight, breaking accounting and withdrawals 0xf3b466f09ef476e311ce275407cfb09a8d8de3a7 $390,642.76 no 3 months ago bb4cd4e4-bb89-4d72-9bad-ab081d2ed309
low codex Replayable signed quotes due to missing nonce/fill tracking 0x655edce464cc797526600a462a8154650eee4b77 $486,920.23 no 3 months ago 6135d45a-d0f2-4f1f-b22b-e68d02134baa
medium codex Guild bank token count can become stale after ragequit, blocking new tokens 0x4570b4faf71e23942b8b9f934b47ccedf7540162 $425,561.52 no 3 months ago 356c69af-f1b6-4b7b-9d55-3adb335fbcc5
low codex Token transfer toggles are callable by anyone 0x4570b4faf71e23942b8b9f934b47ccedf7540162 $425,561.52 no 3 months ago 356c69af-f1b6-4b7b-9d55-3adb335fbcc5
medium codex Chainlink oracle response not validated for freshness/positivity 0xc88f47067db2e25851317a2fdae73a22c0777c37 $402,169.66 no 3 months ago 448847a9-2a92-4f30-829c-c34a5fdc63f2
medium codex Uniswap TWAP pricing used without freshness/manipulation checks 0xc88f47067db2e25851317a2fdae73a22c0777c37 $402,169.66 no 3 months ago 448847a9-2a92-4f30-829c-c34a5fdc63f2
medium codex Fee-on-transfer tokens can inflate balances and drain pool 0xf047ab4c75cebf0eb9ed34ae2c186f3611aeafa6 $407,789.90 no 3 months ago 3b4bae17-4cc2-45cb-a041-6dc87f0fbe7a
low codex Unchecked ERC20 approve during migration can desync balances/allowances for non-standard tokens 0xf047ab4c75cebf0eb9ed34ae2c186f3611aeafa6 $407,789.90 no 3 months ago 3b4bae17-4cc2-45cb-a041-6dc87f0fbe7a
low codex ECDSA invalid signatures are not rejected (signer can become address(0)) 0x0000000aa232009084bd71a5797d089aa4edfad4 $581,261.31 no 3 months ago 0594de5c-02e2-4e9e-aa9a-5ac4784ca5ff
info codex Hook data length < 20 bytes can yield an uninitialized hook address and payload length underflow 0x0000000aa232009084bd71a5797d089aa4edfad4 $581,261.31 no 3 months ago 0594de5c-02e2-4e9e-aa9a-5ac4784ca5ff
medium codex Vault withdrawals burn the wrapper’s own balance instead of the keeper/vault balance 0xf70f54cefdcd3c8f011865685ff49fb80a386a34 $399,525.92 no 3 months ago ba6b42f8-a49d-4b6c-847d-144076fc5c13
low codex Deposits mint based on the requested amount, not actual assets received 0xf70f54cefdcd3c8f011865685ff49fb80a386a34 $399,525.92 no 3 months ago ba6b42f8-a49d-4b6c-847d-144076fc5c13
low codex Protocol fee can be paid once for multiple withdrawals via delegatecall batching 0xcf8ce57fa442ba50acbc57147a62ad03873ffa73 $746,018.15 no 3 months ago cecf6418-3be4-43ce-a779-aaed5728f72b
high codex Escrow initialization is externally callable without access control 0x8abf5358a88ca2586635d646aaaff172572fb0ed $0.00 no 3 months ago f5e42a86-2af2-44b4-88c7-d11e26872a6a
medium codex User-supplied oracle data can skew strike/premium and exercise costs if adapter is permissive 0x8abf5358a88ca2586635d646aaaff172572fb0ed $0.00 no 3 months ago f5e42a86-2af2-44b4-88c7-d11e26872a6a
low codex ERC20 transfers make external router calls, enabling DoS/reentrancy if router misbehaves 0x8abf5358a88ca2586635d646aaaff172572fb0ed $0.00 no 3 months ago f5e42a86-2af2-44b4-88c7-d11e26872a6a
medium codex Unbounded external rate inputs can be manipulated to skew swaps and liquidity accounting 0x463626cf9028d96ead5084954ff634f813d5ffb9 $211,459.22 no 3 months ago 9e1de2d3-25d7-4e30-afb1-b1b29d8f5bbb
medium codex Locks keyed only by secretHash allow overwrites that strand funds and corrupt liquidity accounting 0x0aec3b2dce260d75dbd0cc726200d09e6fa3ff35 $0.00 no 3 months ago 14edca3d-a300-4496-88e8-4affcadd669d
low codex Protocol fees deducted in `_applyFee` are not accounted in `collectedFeesByToken` 0x0aec3b2dce260d75dbd0cc726200d09e6fa3ff35 $0.00 no 3 months ago 14edca3d-a300-4496-88e8-4affcadd669d
high codex Reentrancy in _repay can overwrite debt shares and create unbacked debt 0xa2754543f69dc036764bbfad16d2a74f5cd15667 $331,700.32 no 3 months ago 4e0da3db-4110-44e1-8969-17c73f235b0a
medium codex Borrow does not verify vault custody of collateral NFT after transform 0xa2754543f69dc036764bbfad16d2a74f5cd15667 $331,700.32 no 3 months ago 4e0da3db-4110-44e1-8969-17c73f235b0a
low codex ERC20 transfer/approve return values ignored 0xc46fcd651bd6ac11255886feabdcebd58b870c86 $790,323.96 no 3 months ago ac00efd8-2b79-4247-9dc1-cd26d3fd67e8
medium codex Allowlist signatures lack domain separation, enabling replay across deployments/chains 0xc2f44bc508b6b50047a2f3afb1984ed105070be1 $459,858.91 no 3 months ago 2d99dc72-3bcb-485a-83e3-942ec19e9eec
medium codex Transfer-in accounting assumes full amounts received (fee-on-transfer tokens break invariants) 0x0f69f08f872f366ad8edde03dae8812619a17536 $446,813.37 no 3 months ago 2e4ab9d0-0558-46fd-8907-47cce41a791e
high codex Initializer and upgrade authorization depend on the ERC1967 admin slot, which is unset/unreachable in typical UUPS deployments 0xa4e6762eaaf259da74696f46faaf79ba9dde14e6 $0.00 no 3 months ago 4569b6c8-4f2a-475a-a123-61c4c377a66f
info codex Implementation resolved from hardcoded external beacon address 0x0de3bd836ea05d532084a8dcb7aa6efb843553dd $0.00 no 3 months ago cd0bc4f5-504b-4f92-97c3-48c47dc1a43f
low codex `depletionTimeOf` can underflow for near-solvent streams due to scaled rounding 0x3df2aaede81d2f6b261f79047517713b8e844e04 $339,767.18 no 3 months ago 5161ce87-41dd-4d44-b9c5-69a79104a9ad
low codex Fee-on-transfer/rebasing ERC20s can break stream accounting and lock withdrawals 0x3df2aaede81d2f6b261f79047517713b8e844e04 $339,767.18 no 3 months ago 5161ce87-41dd-4d44-b9c5-69a79104a9ad
medium codex Withdrawal factor validation checks the old value, enabling >100% withdrawals 0x6fb8aa6fc6f27e591423009194529ae126660027 $706,154.41 no 3 months ago 059a9a9c-9fcf-4692-a95e-f1561de0531b
low codex External reward transfers can fail silently after claims are marked used 0x6fb8aa6fc6f27e591423009194529ae126660027 $706,154.41 no 3 months ago 059a9a9c-9fcf-4692-a95e-f1561de0531b
medium codex Queued transfers bypass rate‑limit accounting 0x4d573bc8ce236be2609333206776c5b6fb8f4a10 $0.00 no 3 months ago 590ab4c5-8d96-47c8-9fc0-f26f3c909cb4