TW
Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings
2,205
crit 60 high 1157
All Findings
46,184
Across all runs
Chain
1
Mainnet focus
Signal Mix
24239
high severity in results
Findings
filter + triage
Reset
Quick filters: candidate lane confirmed only critical high detector codex
Severity Tool Title Address Value USD Validated Confirmed Found Run
high codex Computed DELEGATECALL targets reachable (potential arbitrary code execution) 0x51bb7afb900f6676878a1e49966fcee29d4e449c $50,916.81 no 3 months ago 019bb490-f3b8-7256-b9da-08514f901ce6
high codex Approved operator can burn someone else’s NFT and steal the ETH backing 0xc315c1982efab100b4a3eca4035567358f85bbb2 $51,373.86 no 3 months ago 019bb490-f36f-70c4-96e3-f0e30d2d9ef1
high codex Computed DELEGATECALL target reachable (potential arbitrary code execution) 0x07cdb44fa1e7eceb638c12a3451a3dc9ce1400e4 $51,658.37 no 3 months ago 019bb490-f330-732b-874c-9489d47f6791
high codex Refunds do not burn/reclaim tokens, enabling free tokens on refund 0x3fd30f3e1fbf4f3ea6bdf3e3bb11826266708869 $51,744.30 no 3 months ago 019bb490-f318-736f-80a5-c2d60794689b
high codex Initializer can be called by anyone to become operator 0x03f34be1bf910116595db1b11e9d1b2ca5d59659 $51,882.41 no 3 months ago 019bb490-f311-7387-a624-2ced8b0052f8
high codex Computed DELEGATECALL target reachable (potential arbitrary code execution) 0x55ec809027ce7b71500561f24ed318424b90fa79 $52,112.70 no 3 months ago 019bb377-69f9-704e-b3a5-3d5c116c864f
high codex Minter can be set by any address once, enabling unauthorized mint/reset 0xc6b330df38d6ef288c953f1f2835723531073ce2 $52,230.71 no 3 months ago 019bb377-69d5-7349-915e-9672d06739b0
high codex Owner can set arbitrary fees and redirect fee wallets, enabling confiscatory transfers or trading freeze 0x6adb2e268de2aa1abf6578e4a8119b960e02928f $52,612.39 no 3 months ago 019bb377-69ba-721a-a2da-33713b7e41bf
high codex ClaimData entityUUID not bound to merkle leaf allows cross-entity claims and carry miscalculation 0x1a170e3bbc7d930677bb7a77f9979032fefebb25 $53,269.93 no 3 months ago 019bb377-6981-7258-b853-2ed456496df7
high codex Raffle can permanently revert when remainingURS is zero or exceeds totalTickets, locking tickets and refunds 0xd19fa1565564f552200ab656c3003d5868555539 $53,320.00 no 3 months ago 019bb377-6977-7248-ab58-bc41dc632e0d
high codex Authorization uses tx.origin (phishing/bypass risk) 0xb233cb2f0dce57a56bf732767f45ffc8650186c5 $53,685.37 no 3 months ago 019bb2d5-fd9c-70c1-9455-bdd1d8f6cc86
high codex Mint proceeds are trapped in Azaraks because PaymentSplitter never receives funds 0x0d8f1817c644101a915852841a3b5933b0b8dcc7 $54,021.22 no 3 months ago 019bb2d5-fd73-7212-bbeb-57b641057c57
high codex Authorization relies on tx.origin (phishable access control) 0x00055b597e0050405b27c90d21343b1eb5b74165 $54,364.06 no 3 months ago 019bb2d5-fd3e-73af-81be-e1af5c6d5e38
high codex Unprotected initialize allows hostile takeover of clones 0x24d937143d3f5cf04c72ba112735151a8cae2262 $0.00 no 3 months ago 019bb005-2254-73e9-85d1-87e7597e1544
high codex Computed DELEGATECALL target reachable (possible arbitrary code execution) 0x9cea88ee39b6cc09c478942bbf83bfa77d87b5f3 $0.00 no 3 months ago 019bb005-067a-72f6-9cc1-461f0f1a0847
high codex Buyout success never transfers listing tokens to offerer (tokens locked permanently) 0x90b6047da43a370a402fb1f88f4313faa34a923b $0.00 no 3 months ago 019bb004-d430-731f-a526-9f72bf0d193b
high codex Unprotected initializer allows proxy takeover if not initialized atomically 0x828b154032950c8ff7cf8085d841723db2696056 $54,741.24 no 3 months ago 019bb004-7b45-70c7-adb3-d1c5cb2846d2
high codex Computed DELEGATECALL target controlled by storage slot0 0x05ff2b0db69458a0750badebc4f9e13add608c7f $55,111.44 no 3 months ago 019bb004-7b0f-73a8-8090-aaa6e87c7325
high codex Offerer can never claim listing tokens after successful buyout 0xc6cc57767ac16c1ad20f507e11db1e5265034b09 $55,355.50 no 3 months ago 019bb004-7af0-71cd-ab6e-35bf05fc077a
high codex Referral fee causes over-distribution, leading to payout DoS or cross-audit fund drain 0xa1559cb92445cd39e3f8f16c3574e99850bc7b7d $55,529.41 no 3 months ago 019bb004-7aaa-7101-90e3-70d09190c5dd
high codex Computed DELEGATECALL target reachable (arbitrary code execution risk) 0x6c6210232654a5b57a576f9b4434f36e0b5d3768 $0.00 no 3 months ago 019bab3e-55f8-7003-b95c-b596b34c2a96
high codex Old committee members remain authorized after rotation 0x49643fc85fb1f25b6775ebbbdc69295d45105abc $0.00 no 3 months ago 019bab3d-f2be-72f8-a06f-15a39da6a9c7
high codex processAccounting ignores buffer/strategy assets, enabling share price manipulation 0xc1c5b18774d0282949331b719b5ea4a21cbc62c8 $0.00 no 3 months ago 019bab3d-c746-7355-af08-a01c5cba9495
high codex CALLCODE to computed target enables storage/context corruption 0x62c9e5e52351e02635f48072fa20c03bb650f787 $0.00 no 3 months ago 019bab3d-a735-71f5-99d9-235223139c05
high codex Unrestricted initializer allows takeover of uninitialized AToken instance/proxy 0x6faee7aac498326660ac2b7207b9f67666073111 $0.00 no 3 months ago 019bab3d-a126-71a9-ba02-d6d1d782d905
high codex Unprotected initializer can be hijacked to take ownership 0xb0d6eed90f8e497b867f557c44a49c8c81fa0a5d $0.00 no 3 months ago 019bab3c-acf0-7088-b150-fa883a5349a3
high codex Admin rescueAssets can withdraw unclaimed exit assets once vault is uncollateralized 0x927a83c679a5e1a6435d6bfaef7f20d4db23e2cc $0.00 no 3 months ago 019bab3c-4a33-7098-9325-ebfbff005bf9
high codex SNARK verification can be bypassed via tx.origin backdoor 0xb157dc78c2815280906a6730984a5e0dca65e247 $0.00 no 3 months ago 019bab3c-03ac-7154-aa8e-81b80b4bfd3c
high codex Unprotected initializer allows timelock takeover if proxy not initialized 0x8d1fa828e0b99f2cd9bec6c51ff11e97b502db8a $0.00 no 3 months ago 019bab3b-fcd0-7290-bd8b-dd7b4bf015df
high codex DELEGATECALL to external target (proxy-like risk) 0x06291eee038e94e8dec2b3bfb6e030c0b5615506 $56,236.72 no 3 months ago 019bab3b-ac85-70a7-83ce-dfd718c375d8
high codex Delegatecall to computed target enables arbitrary code execution if reachable 0x95fe5961368664c3da8879d7542149ddf0738d82 $56,641.81 no 3 months ago 019bab3b-ac6c-7220-8780-0b3cf4eedfd4
high codex Retired committee members remain authorized to process requests 0xf2139f5c8afb8a4d64084efc5532830774742830 $56,780.96 no 3 months ago 019bab3b-ac5a-722f-b716-e6968b11ca70
high codex Computed-target DELEGATECALL allows code execution in caller storage if user-controlled 0x60330141cf5911c14cdb400b7ad400b3c3dfdc7a $57,113.10 no 3 months ago 019bab3b-abf8-72ed-bfa4-d886cd417463
high codex Claim mints tokenId 0 for every NFT, causing claim DoS 0xde5d4949f445650325c7c8739610c3a979c7a6db $58,651.07 no 3 months ago 019bab3b-ab66-71c2-bd2e-5152da730c58
high codex Reentrancy in sendPayment enables multiple payouts 0xde5d4949f445650325c7c8739610c3a979c7a6db $58,651.07 no 3 months ago 019bab3b-ab66-71c2-bd2e-5152da730c58
high codex Reentrancy enables double-withdraw of staked VIRTUE 0x0dd5a35fe4cd65fe7928c7b923902b43d6ea29e7 $59,125.30 no 3 months ago 019bab3b-ab05-7055-bef7-363c9c09e395
high codex Unregistered address can execute BNFT deposit flow 0x00c452affee3a17d9cecc1bcd2b8d5c7635c4cb9 $59,182.72 no 3 months ago 019bab3b-aaee-7307-8a62-f0c903f3c8f8
high codex Owner can arbitrarily change fees and limits, enabling honeypot behavior 0xf20bc3b10b95cde1368a2f4219a63ed3fd8b9089 $59,327.00 no 3 months ago 019bab3b-aacf-703b-9022-3246f6b562b2
high codex Signed mint does not bind payment amount, enabling free or underpriced mints 0x69bcb93d13d1063335269e8602b009485abd3e87 $59,479.28 no 3 months ago 019bab3b-aaa7-70e2-8f3a-b33ac294d2ca
high codex Computed DELEGATECALL target allows potential arbitrary code execution 0x942a70014b6ba71ec84b16e1604fc76b1071eaf9 $63,551.24 no 3 months ago 019ba9bc-ec3c-738f-9671-9046fad6b6a8
high codex Pre-initialization call can permanently lock base indices and brick base actions 0x5d409e56d886231adaf00c8775665ad0f9897b56 $73,738.04 no 3 months ago 019ba940-88c4-712e-a280-97a8be91c73d
high codex Integer division order zeroes ownership for most investors, breaking dividends 0x007d42b9192b8c087b0d3e6ef73aae48e74b41c1 $105,400.00 no 3 months ago 019ba8f8-3f3e-728e-8b88-d1ef3d328f79
high codex Unprotected initializer enables ownership takeover on uninitialized proxy 0xa693b19d2931d498c5b318df961919bb4aee87a5 $137,409.56 no 3 months ago 019ba8df-e1c8-7388-9793-695c80d5a4e5
high codex Externally reachable CALLs to computed targets with possible ETH value 0xfd71d62a6dfe8b4e85a81f1d006e955f75aec922 $226,854.25 no 3 months ago 019ba8b4-4f35-706d-ba96-2c864ecaf949
high codex Unprotected reinitializer lets anyone set liquidityBuffer 0xe3cbd06d7dadb3f4e6557bab7edd924cd1489e8f $51,130,652.31 no 3 months ago 019ba5ca-c41d-73c2-8d74-6b616da61ddb
high codex Unrestricted arbitrary external call can drain ERC20/NFT balances 0xf90bbf5d9bcf95ce5aa5c28ce175541a288b599c $323,395.10 no 3 months ago 2a747c42-952c-4cd7-b048-b6a4a5a55726
high codex Public initializer enables ownership takeover when uninitialized 0x2d662361a828e67cd29b4070aad8c6914dc3309e $387,500.00 no 3 months ago c96090a4-5167-4be1-9f51-f3571b1b9bb9
high codex Unrestricted batch transfer drains contract-held tokens 0xb54ca24ac19098db42454c8ee8df67d260a22b1e $930,031.00 no 3 months ago b1bfdf89-3608-4fd0-b514-11fbacdbd4cd
high codex Unprotected initializer allows attacker to set recipient and sweep ERC20 balances 0x0a7d5c98d8b83bf36700c1c2fa03b3f10d1df2e8 $0.00 no 3 months ago f3e7c777-190e-4408-a4ce-7e7b7bb1ab2c
high codex Unprotected lazyInit lets attacker become host and drain treasury if uninitialized 0x85db6688de2c47c8acd5c4dff804e6d5740790e3 $115,675.14 no 3 months ago a9587494-c8ca-4fe1-bb88-33128e0a544a