TW
Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings
2,205
crit 60 high 1157
All Findings
46,184
Across all runs
Chain
1
Mainnet focus
Signal Mix
24239
high severity in results
Findings
filter + triage
Reset
Quick filters: candidate lane confirmed only critical high detector codex
Severity Tool Title Address Value USD Validated Confirmed Found Run
high codex Sold keys still count toward lucky pot distribution, enabling pot drain after selling 0xb453b2c67d70f1e19ce770296c7d2f35cb7cdfd8 $118,075.89 no 3 months ago 7fb51998-f809-4e92-b921-e783e72a0f6f
high codex Predictable airdrop RNG enables deterministic wins and draining airDropPot_ via constructor calls 0xf5fe6b716c0cd0e88059d8b3d8385c086012eb0e $118,219.32 no 3 months ago dc383973-a9df-4d52-9ed4-f43a225cee09
high codex Per-Bloot mint cap bypass via balance-based check enables full supply capture 0x45c3844dea2e9fe9226524411de6d907188a1a9f $128,650.00 no 3 months ago 832463d7-9e93-4b74-bdd3-6d4bfa44b44d
high codex Unprotected initialize enables ownership takeover on uninitialized deployments 0xe5feb62fb34adba661b7c8256887a8b9a21c2278 $0.00 no 3 months ago 0b21ba73-c1f6-4b4c-8e29-104ce6180cba
high codex Public buyback swaps all Whirlpool ETH with amountOutMin=0, enabling price manipulation to drain ETH 0x6db1c1b318275df254bb47c63e7f316380baf4be $131,959.27 no 3 months ago e6e1ae89-f441-48e7-a685-909fe0510b83
high codex Reentrant refund drains all funds if token creation fails 0xbb9bc244d798123fde783fcc1c72d3bb8c189413 $142,099.48 no 3 months ago 839a0dce-7e4a-416f-a10e-f6ca70c4e5cb
high codex Reentrant getMyReward drains rewardAccount 0xbb9bc244d798123fde783fcc1c72d3bb8c189413 $142,099.48 no 3 months ago 839a0dce-7e4a-416f-a10e-f6ca70c4e5cb
high codex Publicly callable constructor-like function enables arbitrary minting 0xb6307611c06c57257ee2ad83beed39cc6650163e $212,009.00 no 3 months ago cb735c6e-3195-4e92-b44b-e34ec97fa506
high codex Unprotected governance token initialization lets attacker become minter and drain DAO ETH 0x4f40e2f1edf9999124b2fcf26b04821e6ca7196d $0.00 no 3 months ago ff7f23a9-503b-490f-a989-b437a8f79cd7
high codex Unprotected setup allows takeover of uninitialized Safe instances 0xb6029ea3b2c51d09a50b53ca8012feeb05bda35a $0.00 no 3 months ago 506a7469-4239-458c-8123-daf2bff25e39
high codex AutoBoost reserve burn enables ETH‑neutral buy/sell loops that ratchet price upward 0xc618d56b6d606e59c6b87af724ab5a91eb40d1cb $281,927.44 no 3 months ago b84cc237-c90a-4d2a-a39b-3b8b6f7bf892
high codex Share inflation via donation + rounding-to-zero lets attacker steal later deposits 0xa6b658ce4b1cdb4e7d8f97dffb549b8688cafb84 $282,664.20 no 3 months ago 4a24a7a8-fa98-4282-90e6-77d327527635
high codex Unprotected initializer lets attacker seize ownership and drain an uninitialized WorkLockPoolingContract 0xb9a42d02300f71ca23a100864fef2d5f82f7f833 $0.00 no 3 months ago b00078b8-5707-459e-bc53-8181625ba80b
high codex Late-buy launch-fund sniping allows capture of accumulated prelaunch dividends 0xe01e2a3ceafa8233021fc759e5a69863558326b6 $327,031.26 no 3 months ago 2265ad84-b13f-4a4d-8194-e5ed07374046
high codex Settler can mint WOLK to self in settleSeller without balance debit, then drain ETH via sellWolk 0x728781e75735dc0962df3a51d7ef47e798a7107e $332,552.87 no 3 months ago 5483ecc5-bdc1-4a5d-b18c-7e50f97f968e
high codex Phantom ERC20 deposits enable trading fake balances for real assets 0x373c55c277b866a69dc047cad488154ab9759466 $382,415.50 no 3 months ago 58a5a56b-8358-4516-9f42-50181b41b98b
high codex Uncapped vesting math lets a payee drain all funds after vesting completes 0x02874867a6d48713d9cf275b7324b790e9c1f7ee $381,502.31 no 3 months ago c9e2ed6f-0694-4735-963b-c9651c1e9ab6
high codex Arbitrary caller can drain any existing allowance by crafting grants 0x27321f84704a599ab740281e285cc4463d89a3d5 $726,697.96 no 3 months ago 99652185-f97f-481e-ba06-fdb49250a93c
high codex Unprotected Chainlink feed initialization enables malicious oracle and governance takeover to drain ETH 0x6f6e72033ca61c3e5f8b3dbdf85a53ad0a736ed5 $0.00 no 3 months ago d7018378-90c4-46b6-a672-58cf2cad3803
high codex Flash-loan price manipulation drains ETH via zero-slippage publicSwap 0xaba513097f04d637727fdcda0246636e0d5d6833 $1,079,543.20 no 3 months ago 97cd6cda-535b-4091-acff-4edb553a0399
high codex Share inflation via direct donations lets the first depositor steal later deposits 0x35ffd6e268610e764ff6944d07760d0efe5e40e5 $1,385,920.03 no 3 months ago fb399128-ba48-4197-80c8-ca2078ffb9c9
high codex EIP712 domain omits chainId and verifying contract, enabling cross-contract order replay 0x241e82c79452f51fbfc89fac6d912e021db1a3b7 $2,288,604.15 no 3 months ago 0125e957-6d16-4951-9544-c9f5d3c64088
high codex Unprotected initialization allows anyone to seize ownership and drain funds if not yet initialized 0x14a635549fc5d087d39a0cd1339345b8b8c6fdba $6,290,639.88 no 3 months ago b7ce8ac8-0ea4-495f-80fb-6e8e679e5468
high codex Unprotected V3 reinitializer lets attacker become admin, swap chain-state verifier, and forge withdrawals 0x2c4df10a82cf077122ed99573aca6dacd76f2e67 $0.00 no 3 months ago 6b74e541-cb40-41fa-b381-0ac9cd0774ee
high codex Rounding-up in deposits lets dust mint full shares and drain accrued rewards 0xaeae7d602b537b2065f3da05dcce754fb23a968d $0.00 no 3 months ago d56f910c-3d71-409c-894a-2f145cc856af
high codex First depositor share inflation can zero‑mint later deposits and steal their ABR 0xbbbd1bbb4f9b936c3604906d7592a644071de884 $14,867,814.55 no 3 months ago dbcf5643-b21f-40b3-a143-69185d9bdf76
high codex Replayable owner signatures due to missing domain separation in transaction hash 0x7da82c7ab4771ff031b66538d2fb9b0b047f6cf9 $31,881,464.38 no 3 months ago 2777b685-b8a7-47d0-87a2-7c35425b4f1b
high codex Phantom token deposits via malicious ERC20 let attacker trade unbacked balances for real assets 0x8d12a197cb00d4747a1fe03395095ce2a5cc6819 $47,393,993.66 no 3 months ago c0d05ecc-5a14-4ce1-9cc4-2b103799055d
high codex executeTxWithPermits allows reentrant double-execution of the same transaction 0x471756ad2124b04dc1c5c364ee6a9e29f8c3f67a $0.00 no 3 months ago 48761642-a2bb-4ad0-8c2c-796509a9987b
high codex Replayable signed transactions (no nonce/used-hash tracking) allow repeated withdrawals 0x135bbbf1903c61fa25596ee4e27b8f14ed968c04 $123,361.40 no 3 months ago e55a7ac9-46dc-47cb-8fd2-309875709a55
high codex Plaintext answer exposure lets any EOA drain the full balance 0x821ab5215e7970480d1d9c145632e5c15d3b8bbb $0.00 no 3 months ago da09a895-da60-46f6-92dd-2d365b3161b9
high codex Reverted blocks keep stale pendingWithdrawCommits, enabling withdrawals from invalid transitions 0xf86fd6735f88d5b6aa709b357ad5be22cedf1a05 $124,833.69 no 3 months ago 7cf066a0-1657-4bcb-bb21-4badff1e973d
high codex Answer leakage via Start calldata lets anyone claim the full balance 0xa46c2b718adfff25098417ad0b5d208c832260b1 $0.00 no 3 months ago 021898af-49a7-4060-b9dc-ad1f1631fb5b
high codex First-depositor share inflation via pre-deposit donation (rounding allows value extraction from later deposits) 0x8e91d0c719d7d1c0e6cef764c2437744763f7283 $0.00 no 3 months ago 469feb27-7bd0-46d7-9fdc-ae3a5830bb40
high codex Reentrant token transfer allows repeated withdrawals before balance update 0x039fb002d21c1c5eeb400612aef3d64d49eb0d94 $0.00 no 3 months ago 9c711161-870e-44a5-9dec-202386f236a2
high codex Unprotected auction initialization allows admin/wallet hijack and theft of sale tokens 0x364b7e2d5b11b9d2016d232fa271d89d5e6065f1 $0.00 no 3 months ago f737e1d0-6060-4221-9bb6-8d056f16705e
high codex Donation-based share inflation enables zero-share deposits and theft of subsequent deposits 0xace74f217aef8085f328cc1d73757d913b7eea39 $0.00 no 3 months ago ae144725-31b7-4efd-af05-6da20a974622
high codex Reentrant redeem can double-withdraw later assets in multi-token vault 0x1cb489ef513e1cc35c4657c91853a2e6ff1957de $0.00 no 3 months ago 8c5b2b5d-90da-42b1-a8ff-785f9a741c38
high codex Anyone can reset the reentrancy guard via initializePoolV2, enabling reward inflation in deposit 0xfc59ab348e0c0e789e914b0864f08cab98db1553 $0.00 no 3 months ago ff932ff9-2ce9-490b-9514-dd6f80ed85c1
high codex Unprotected reinitializer enables ownership takeover and forged withdrawals 0x2ccd5486ea1b2a52dcd387c01314f6a328f66cbb $0.00 no 3 months ago ea503cad-40e9-45b2-b499-15207ca468f7
high codex Unprotected initialize enables treasury hijack on uninitialized ATokenInstance 0xb2668573828029917ffbd1e76270373511818498 $0.00 no 3 months ago 1dde14e9-bcb7-465f-803b-2ce787c6e2d9
high codex Initializer callable by anyone enables takeover of uninitialized proxy 0x04ead25447f9371c5c1e2c33645f32aafeb337dc $0.00 no 3 months ago f87396ab-be81-49d8-86db-2ad77e0251d8
high codex Unprotected initialize lets anyone set pool interest rate 0xa2ffdc7efef98469d11370d91c0a17dc83ec2bda $161,822.91 no 3 months ago 006ad5b9-da71-47b0-b31d-5bb56d063f46
high codex Public supply functions let anyone move assets off the tracked provider, blocking withdrawals 0x83f798e925bcd4017eb265844fddabb448f1707d $159,466.24 no 3 months ago 25b64c9e-a9a5-474a-8faf-8e739aace6ae
high codex Unprotected initializer lets any caller take ownership of distribution parameters 0x9cd8d3c4380ab48d7cca425e34166efd2147ee40 $165,983.33 no 3 months ago 4b6d808e-caa6-4fa9-9cd9-5efbcbdeeda0
high codex Unprotected initializer lets anyone become OWNER_ROLE if initialization is front‑run or forgotten 0xbe607a58206180fef691bf1b5ae9670174284388 $0.00 no 3 months ago 1fa951b9-2131-457c-8c77-edb910fcb7c3
high codex NFT burn lacks ownership check, enabling destruction of others’ tokens 0xc36cf0cfcb5d905b8b513860db0cfe63f6cf9f5c $208,137.22 no 3 months ago 5ee92886-8335-43e3-bee9-4a7cb539a22c
high codex Unprotected initialize allows admin/votingEscrow takeover 0x8549ba7f483afb13b8321830d6f07f30f0a2f1de $222,172.27 no 3 months ago 09fa5a2e-f3b7-46e9-8b86-0a03ea86c5f7
high codex Reentrancy window in withdraw before balance update 0x039fb002d21c1c5eeb400612aef3d64d49eb0d94 $0.00 no 3 months ago f48b1e81-4fa5-4c5d-a3aa-b4088c28d8f0
high codex Failed execTransaction still consumes tezosOperation, enabling gas‑griefing DoS and stuck unwraps 0x5dc76fd132354be5567ad617fd1fe8fb79421d82 $250,884.11 no 3 months ago 6d9075ea-e510-4702-8437-3a8481b449fa