Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (Mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
medium codex Allowance accounting appears non-standard and can desynchronize from `allowance()` 0x2bf4a701470dfe06babd313926a1ebcdcd5806c1 $0.31 no 1 week ago 019b3836-3278-73cd-b85f-dc1b759c448b
medium codex All entrypoints appear payable, so ETH can be accepted and trapped permanently 0x629634c639d291516b0767aa328332d301ccfd19 $31.00 no 1 week ago 019b3836-3089-71bf-bfe6-7ae7d7c98526
low codex Inferred `transfer(address,uint256)` path lacks a zero-address recipient check 0x629634c639d291516b0767aa328332d301ccfd19 $31.00 no 1 week ago 019b3836-3089-71bf-bfe6-7ae7d7c98526
medium codex Privileged fund sweep via owner-gated SELFDESTRUCT 0x68ec09892d6b207bad8394bfe3572010c0c9dff9 $223.20 no 1 week ago 019b3836-31ad-7277-b6aa-d13e6daa98f7
low codex Unchecked stipend-style ETH transfer can silently fail and block the intended payout path 0x68ec09892d6b207bad8394bfe3572010c0c9dff9 $223.20 no 1 week ago 019b3836-31ad-7277-b6aa-d13e6daa98f7
low codex `allowance()` returns the approval ceiling, not the remaining spendable allowance 0x0e04c5e9406c48ecfd00642a2411454869281ef0 $0.31 no 1 week ago 019b3836-3301-73e6-bfec-b55d684e1f16
critical codex `transfer` uses unchecked arithmetic and permits balance underflow/overflow 0x216f59605793807b0ab628d04fcc58f645fc2a5d $3,115.58 no 1 week ago 019b3836-3313-7038-99db-1df5438c8f46
critical codex Unauthenticated balance-setting and reinitialization entrypoints 0x216f59605793807b0ab628d04fcc58f645fc2a5d $3,115.58 no 1 week ago 019b3836-3313-7038-99db-1df5438c8f46
medium codex `transferFrom` authorization appears non-standard and likely irrevocable 0xb6eec1405170fe0f4e0a5dc229ce1b42014886a8 $0.00 no 1 week ago 019b3836-330c-7234-bf43-76d468452bb2
low codex Hook-enabled transfer path performs an unguarded external call to a user-influenced target 0xb6eec1405170fe0f4e0a5dc229ce1b42014886a8 $0.00 no 1 week ago 019b3836-330c-7234-bf43-76d468452bb2
low codex Contract silently accepts ETH and may trap it permanently 0x45ce4512de50cb0c8d0b90030236d12c111dcea7 $6,510.00 no 1 week ago 019b3836-3293-70c7-aa45-17ca7dde363e
low codex Contract appears to accept ETH without an observable withdrawal or recovery path 0x5a4127a9109ac0878f07c099dd1cd328620e053b $93.00 no 1 week ago 019b3836-3266-71ee-9fc6-e14487ac5853
high codex Failed refund calls are ignored and residual ETH is swept to slot0 0xba8ee7ba243a363d1995812121bc3fdfa6052785 $465.00 no 1 week ago 019b3836-333c-73df-8c9f-e39c4a7e4486
high codex Refund finalization is reentrant before the contract is marked closed 0xba8ee7ba243a363d1995812121bc3fdfa6052785 $465.00 no 1 week ago 019b3836-333c-73df-8c9f-e39c4a7e4486
medium codex Payable fallback appears to accept contributions after the time gate 0xba8ee7ba243a363d1995812121bc3fdfa6052785 $465.00 no 1 week ago 019b3836-333c-73df-8c9f-e39c4a7e4486
critical codex Public initializer-style function can assign arbitrary balance and rewrite metadata 0x0d90b565cd67733f70c21fe38f355e3469012856 $248.00 no 1 week ago 019b3836-3005-71b8-a8ef-ecd5ea5d9540
low codex Contract appears payable and may permanently lock ETH 0x0d90b565cd67733f70c21fe38f355e3469012856 $248.00 no 1 week ago 019b3836-3005-71b8-a8ef-ecd5ea5d9540
high codex Unauthenticated record creation can steer later ETH payouts 0x9c9e98aba397c49e03ee2e4cf11c0effb8cc8135 $0.97 no 1 week ago 019b3836-2e59-708d-99c9-3db04a41b280
medium codex Payout path appears replayable and reentrancy-prone 0x9c9e98aba397c49e03ee2e4cf11c0effb8cc8135 $0.97 no 1 week ago 019b3836-2e59-708d-99c9-3db04a41b280
high codex Reachable SELFDESTRUCT appears callable without an entry-point authorization check 0x9be772434306514702f95bc60cc4c0910ca9a7c2 $3.10 no 1 week ago 019b3836-2e82-7165-9665-5fa332e35d61
medium codex Payout path updates storage before an unchecked external CALL 0x9be772434306514702f95bc60cc4c0910ca9a7c2 $3.10 no 1 week ago 019b3836-2e82-7165-9665-5fa332e35d61
high codex Publicly reachable SELFDESTRUCT path 0x8d06ce37c1ec69a0402688c3a9d34e583adcc88a $0.00 no 1 week ago 019b3836-2ec8-72a4-87d8-32f40c869605
high codex Public low-level CALL with ETH/value semantics and no success handling 0x8d06ce37c1ec69a0402688c3a9d34e583adcc88a $0.00 no 1 week ago 019b3836-2ec8-72a4-87d8-32f40c869605
critical codex Public selector can execute SELFDESTRUCT without visible authorization 0x19d55cebd35439f7e7815fa6e26993849395ac30 $0.00 no 1 week ago 019b3836-2ed5-709b-ab55-463b7a97c015
medium codex Public selector reaches raw CALL sink with possible ETH transfer 0x19d55cebd35439f7e7815fa6e26993849395ac30 $0.00 no 1 week ago 019b3836-2ed5-709b-ab55-463b7a97c015
low codex Contract accepts ETH, but no ETH recovery path is evident 0xc580f51ddb0867b4c782103118681176bc87d6f8 $3,410.00 no 1 week ago 019b3836-2ed9-7018-8e03-8fb134fda258
low codex `0xa9059cbb` transfer path appears non-standard and does not return a boolean 0xc580f51ddb0867b4c782103118681176bc87d6f8 $3,410.00 no 1 week ago 019b3836-2ed9-7018-8e03-8fb134fda258
medium codex Frozen/blacklisted spender can likely bypass restrictions through transferFrom 0x1f75047233517dcf67970d9e3c3bb385cb647f30 $31.00 no 1 week ago 019b3836-2cf4-7353-96b1-83115f1b65d9
medium codex Allowance accounting uses a separate spent ledger, so allowance() likely overstates remaining spendable approval 0x1f75047233517dcf67970d9e3c3bb385cb647f30 $31.00 no 1 week ago 019b3836-2cf4-7353-96b1-83115f1b65d9
low codex Fallback exposes an unchecked low-level CALL with ETH value 0x1f75047233517dcf67970d9e3c3bb385cb647f30 $31.00 no 1 week ago 019b3836-2cf4-7353-96b1-83115f1b65d9
high codex Owner-only mint can arbitrarily inflate supply 0x41a7820c86f4bea29e6c9239aeb0fbdba12dd790 $3.10 no 1 week ago 019b3836-2d81-72b3-ba7f-1259b9b4588e
high codex Owner can freeze arbitrary senders via a hidden boolean mapping 0x41a7820c86f4bea29e6c9239aeb0fbdba12dd790 $3.10 no 1 week ago 019b3836-2d81-72b3-ba7f-1259b9b4588e
medium codex allowance() does not track remaining spend; transferFrom uses a separate spent-amount mapping 0x41a7820c86f4bea29e6c9239aeb0fbdba12dd790 $3.10 no 1 week ago 019b3836-2d81-72b3-ba7f-1259b9b4588e
low codex Fallback silently accepts arbitrary calldata and ETH 0x6e724ccc59c1a72f733a31b41c8594413363d80b $310.00 no 1 week ago 019b3836-2d7f-71dc-9831-d21ecfe711e8
low codex `transfer` is non-standard: no boolean return and throw-style failures consume all gas 0x6e724ccc59c1a72f733a31b41c8594413363d80b $310.00 no 1 week ago 019b3836-2d7f-71dc-9831-d21ecfe711e8
high codex Owner-controlled blacklist/freeze path can block selected holders from transferring 0x89205a3a3b2a69de6dbf7f01ed13b2108b2c43e7 $2,767.63 no 1 week ago 019b3836-2d66-70b7-8bcd-c67d896eb78c
medium codex Privileged mint function can inflate balances and total supply without any cap visible in bytecode 0x89205a3a3b2a69de6dbf7f01ed13b2108b2c43e7 $2,767.63 no 1 week ago 019b3836-2d66-70b7-8bcd-c67d896eb78c
low codex Allowance accounting appears non-standard: `allowance()` returns the approved cap, while `transferFrom` tracks spending in a separate mapping 0x89205a3a3b2a69de6dbf7f01ed13b2108b2c43e7 $2,767.63 no 1 week ago 019b3836-2d66-70b7-8bcd-c67d896eb78c
low codex Contract appears payable and can trap ETH permanently 0xbd247894dc95d7022363ac7c12a507a5db2e689c $71.26 no 1 week ago 019b3836-2d76-71c8-97dc-996004a4b3cf
low codex `transfer` decodes calldata without an explicit length check 0xbd247894dc95d7022363ac7c12a507a5db2e689c $71.26 no 1 week ago 019b3836-2d76-71c8-97dc-996004a4b3cf
high codex State-changing authorization/accounting path is keyed off tx.origin 0x55b9a11c2e8351b4ffc7b11561148bfac9977855 $13,246.61 no 1 week ago 019b3836-28c4-7299-bb59-544b4f97f4bc
medium codex External CALLs occur before storage/accounting updates on selector 0xfd6e248e 0x55b9a11c2e8351b4ffc7b11561148bfac9977855 $13,246.61 no 1 week ago 019b3836-28c4-7299-bb59-544b4f97f4bc
low codex ABI entrypoints lack calldata length validation 0xf8fda34d8376327d223e547d044c253ecf8d40c4 $279.00 no 1 week ago 019b3836-28d6-7140-a070-9daf3631c187
low codex Contract accepts ETH but exposes no recovery path 0xf8fda34d8376327d223e547d044c253ecf8d40c4 $279.00 no 1 week ago 019b3836-28d6-7140-a070-9daf3631c187
high codex Public entrypoints can trigger non-zero-value external calls from contract balance 0x98f66626d9ddb4688ef7aed01e32375d04ca1f7d $21.80 no 1 week ago 019b3836-2901-713f-8003-3b6a8dabb217
medium codex Oracle/provider selection is publicly reconfigurable 0x98f66626d9ddb4688ef7aed01e32375d04ca1f7d $21.80 no 1 week ago 019b3836-2901-713f-8003-3b6a8dabb217
low codex Privileged kill-switch can selfdestruct the contract and sweep ETH 0x98f66626d9ddb4688ef7aed01e32375d04ca1f7d $21.80 no 1 week ago 019b3836-2901-713f-8003-3b6a8dabb217
low codex Contract accepts ETH with no visible recovery path 0x87adf4d3e1eb630d41405c6ea5c0021c5b6614ff $1.55 no 1 week ago 019b3836-24ca-7168-9a2d-3c548ff7765c
medium codex Unchecked hardcoded ETH sweep can silently trap funds 0xb5eb68417e27752b4da0aaf835b7fb3d74b46371 $0.00 no 1 week ago 019b3836-2695-700f-a0d0-7f5a831b9921
low codex Fallback and visible token methods appear payable, so ETH can be trapped 0xd82a1b174822778dfaa385529468577b700749a1 $620.00 no 1 week ago 019b3836-279d-701e-8206-b3db0d62d8ad