TW
Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings
2,205
crit 60 high 1157
All Findings
46,184
Across all runs
Chain
1
Mainnet focus
Signal Mix
24239
high severity in results
Findings
filter + triage
Reset
Quick filters: candidate lane confirmed only critical high detector codex
Severity Tool Title Address Value USD Validated Confirmed Found Run
low codex `transfer` selector appears to be non-standard and returns no boolean 0xd0af1e9919f6321f1dfef2d9cbb60ef7a10d6c99 $31,000.00 no 1 week ago 019b3836-26af-7038-a6a2-7e46c2772286
low codex Fallback path accepts ETH and appears to trap it permanently 0xd0af1e9919f6321f1dfef2d9cbb60ef7a10d6c99 $31,000.00 no 1 week ago 019b3836-26af-7038-a6a2-7e46c2772286
low codex Contract appears payable and can permanently lock ETH 0x94f27b5141e17dd8816242d752c7be8e6764bd22 $310.00 no 1 week ago 019b3836-24d7-73a9-8b25-f729a127fa1e
medium codex `transfer` path appears ERC-20-incompatible because it returns no boolean value 0x7a47bacaab34d55a5485be5c40ffd2768659716d $465.00 no 1 week ago 019b3836-273f-721b-b9f8-9c61d5da95a3
low codex Recipient balance credit uses unchecked addition 0xac514f05160d2723aa7fb27bf98abf347dd26d2d $3,100.00 no 1 week ago 019b3836-258e-70dc-8c36-57a18d72465b
low codex `transfer` appears to return `false` even when balances are updated successfully 0xac514f05160d2723aa7fb27bf98abf347dd26d2d $3,100.00 no 1 week ago 019b3836-258e-70dc-8c36-57a18d72465b
medium codex Fallback path accepts ETH and arbitrary calldata, creating a permanent ETH sink 0xa393545f618a959f0fda319170bd537e241d2196 $155.00 no 1 week ago 019b3836-262d-73e8-9503-2969bfe0b151
low codex `transfer` appears non-standard and returns no boolean value 0xa393545f618a959f0fda319170bd537e241d2196 $155.00 no 1 week ago 019b3836-262d-73e8-9503-2969bfe0b151
low codex `transfer` accepts truncated calldata (classic short-calldata/short-address risk) 0xa393545f618a959f0fda319170bd537e241d2196 $155.00 no 1 week ago 019b3836-262d-73e8-9503-2969bfe0b151
high codex Unguarded arbitrary CALL gadget can write attacker-chosen data into storage 0xc861fc8dc9537159d94acbd662439046ea407166 $49.60 no 1 week ago 019b3836-22f2-7323-a0f4-cbc79d8a01c5
medium codex State update happens after an attacker-controlled external CALL with no visible reentrancy guard 0xc861fc8dc9537159d94acbd662439046ea407166 $49.60 no 1 week ago 019b3836-22f2-7323-a0f4-cbc79d8a01c5
medium codex Unchecked fixed-gas payout CALLs can fail silently while entitlement state is cleared 0x7e2d0fe0ffdd78c264f8d40d19acb7d04390c6e8 $0.62 no 1 week ago 019b3836-22ec-70fe-bb44-362659c898ea
low codex Overpayment refund branch ignores refund failure and appears to leave excess ETH trapped 0x7e2d0fe0ffdd78c264f8d40d19acb7d04390c6e8 $0.62 no 1 week ago 019b3836-22ec-70fe-bb44-362659c898ea
high codex Unchecked ETH payouts can mark participants paid even when the transfer fails 0xdc00a9f92e9ea5cba399b026775e64596215861f $108.50 no 1 week ago 019b3836-225f-71fa-9a22-3ba4f0a44b83
medium codex Timeout payout loop calls out before clearing the current entry 0xdc00a9f92e9ea5cba399b026775e64596215861f $108.50 no 1 week ago 019b3836-225f-71fa-9a22-3ba4f0a44b83
medium codex Public timeout path can selfdestruct the contract and sweep leftovers to a hardcoded address 0xdc00a9f92e9ea5cba399b026775e64596215861f $108.50 no 1 week ago 019b3836-225f-71fa-9a22-3ba4f0a44b83
high codex Settlement clears accounting even when ETH payouts fail 0xe881af13bf55c97562fe8d2da2f6ea8e3ff66f98 $16.12 no 1 week ago 019b3836-229f-7340-9526-a8183608906c
medium codex Refund-on-error path can silently trap ETH 0xe881af13bf55c97562fe8d2da2f6ea8e3ff66f98 $16.12 no 1 week ago 019b3836-229f-7340-9526-a8183608906c
high codex Reentrant payout loop can recurse into finalization and sweep remaining funds 0x40c3506a8446bb5d806fe0030d451142c8044f77 $3,100.00 no 1 week ago 019b3836-21ba-7125-a495-b3a817f9d105
medium codex Privileged destroy/migrate path can replace the live contract by creating a child and selfdestructing 0x40c3506a8446bb5d806fe0030d451142c8044f77 $3,100.00 no 1 week ago 019b3836-21ba-7125-a495-b3a817f9d105
medium codex Unchecked low-level ETH sends can permanently skip payouts 0x40c3506a8446bb5d806fe0030d451142c8044f77 $3,100.00 no 1 week ago 019b3836-21ba-7125-a495-b3a817f9d105
high codex External payout calls occur before round state is cleared 0xfc67bd301a4c698b461e5e9f26eab60d230b77a4 $1,240.00 no 1 week ago 019b3836-22a9-708c-9e79-2665fbe783ab
medium codex Outbound ETH transfers ignore CALL success and continue 0xfc67bd301a4c698b461e5e9f26eab60d230b77a4 $1,240.00 no 1 week ago 019b3836-22a9-708c-9e79-2665fbe783ab
medium codex Unchecked low-level CALL can desynchronize storage from actual ETH delivery 0x4abc539ee0c73725256391bf0eb3fda72e8a59ad $0.00 no 1 week ago 019b3836-2209-72d4-9ba8-38d2afe67531
medium codex Value-bearing external call happens before the balance slot is updated 0x4abc539ee0c73725256391bf0eb3fda72e8a59ad $0.00 no 1 week ago 019b3836-2209-72d4-9ba8-38d2afe67531
high codex Payable acquisition path returns success on failed preconditions, trapping ETH 0x0e5e2b9341341ade98f510ad9a744e01f3b29f03 $15,500.00 no 1 week ago 019b3836-22d7-70d4-8f04-697b1924f6d7
medium codex Unchecked 5 ETH external CALL after state mutation can strand refunds 0x0e5e2b9341341ade98f510ad9a744e01f3b29f03 $15,500.00 no 1 week ago 019b3836-22d7-70d4-8f04-697b1924f6d7
high codex CREATE plus SELFDESTRUCT phase transition is broken on Ethereum mainnet after EIP-6780 0x17c7d136bdfc4371f989076bb3842be2e73c3ec1 $3.81 no 1 week ago 019b3836-21e4-7185-8734-88afaf7cdc4e
medium codex Unbounded payout loop allows gas-based denial of service 0x17c7d136bdfc4371f989076bb3842be2e73c3ec1 $3.81 no 1 week ago 019b3836-21e4-7185-8734-88afaf7cdc4e
medium codex Unchecked low-level ETH calls can silently skip payouts 0x17c7d136bdfc4371f989076bb3842be2e73c3ec1 $3.81 no 1 week ago 019b3836-21e4-7185-8734-88afaf7cdc4e
high codex Payable path fails open and persists state even when its apparent eligibility/collateral checks fail 0x8226891a383dc93da036274431aa9e00b47104d0 $0.00 no 1 week ago 019b3836-220c-72ad-99e1-0bffbd1dfee3
low codex Unchecked external CALL forwards gas before bookkeeping 0x8226891a383dc93da036274431aa9e00b47104d0 $0.00 no 1 week ago 019b3836-220c-72ad-99e1-0bffbd1dfee3
medium codex Public entrypoint can force ETH transfer to the address stored in slot 0 0x7aa73b556c0da8ca4e83e483d7404930e946473b $0.00 no 1 week ago 019b3836-2211-7274-9805-31a96cedf1d9
low codex Low-level ETH call ignores success/failure 0x7aa73b556c0da8ca4e83e483d7404930e946473b $0.00 no 1 week ago 019b3836-2211-7274-9805-31a96cedf1d9
high codex Deployable child runtime pays arbitrary recipients via CALL with no reentrancy guard 0x480d57dbf6c3b49916b9325e2c5ed92401c54efc $124.00 no 1 week ago 019b3831-b4f2-714e-8d83-674c9b049484
high codex Top-level accounting decrements user balances but creates child contracts with zero ETH 0x480d57dbf6c3b49916b9325e2c5ed92401c54efc $124.00 no 1 week ago 019b3831-b4f2-714e-8d83-674c9b049484
medium codex Child payout loop ignores CALL failure, so recipients can be skipped and funds redistributed incorrectly 0x480d57dbf6c3b49916b9325e2c5ed92401c54efc $124.00 no 1 week ago 019b3831-b4f2-714e-8d83-674c9b049484
high codex Withdrawal paths send ETH to CALLER before clearing caller-specific accounting 0xbf4aa23fc8a11f84f6ce07a11b1f7455b732eb1b $0.00 no 1 week ago 019b3831-b510-72f0-943d-9bb9b2a2899a
low codex Fallback and unknown-selector paths appear to accept ETH without crediting any user state 0xbf4aa23fc8a11f84f6ce07a11b1f7455b732eb1b $0.00 no 1 week ago 019b3831-b510-72f0-943d-9bb9b2a2899a
high codex Cooldown/lock check uses reversed subtraction, collapsing the wait period 0x4f0255319faa4a7915856300f5ff98a2fe86ae97 $0.00 no 1 week ago 019b3831-b4e0-71c5-8142-0d761b2b7ab8
medium codex Fallback/unknown-selector path silently accepts ETH without crediting sender 0x4f0255319faa4a7915856300f5ff98a2fe86ae97 $0.00 no 1 week ago 019b3831-b4e0-71c5-8142-0d761b2b7ab8
low codex ETH payouts are sent with stipend-only CALL semantics, which can lock funds for contract recipients 0x4f0255319faa4a7915856300f5ff98a2fe86ae97 $0.00 no 1 week ago 019b3831-b4e0-71c5-8142-0d761b2b7ab8
high codex Deposits credit the requested amount instead of the amount actually received 0xa8372d6ff00d48a25baa1af16d6a86c936708f4e $0.00 no 1 week ago 019d5667-1339-71d8-a320-f4112d024afe
medium codex Withdrawal signatures are replayable across predicate instances on the same chain 0xa8372d6ff00d48a25baa1af16d6a86c936708f4e $0.00 no 1 week ago 019d5667-1339-71d8-a320-f4112d024afe
high codex Unchecked CowSwap feeAmount lets a limit order drain extra sellToken beyond params.amountIn 0x00000000d681e85e5783588f87a9573cb97eda01 $0.00 no 1 week ago 019d5666-f542-7208-84bc-d2e3db83e367
high codex ERC20 bridge accounting trusts the requested amount instead of the amount actually received 0x29353f77c6b0d3772d73e708cc8e1fca08c80c11 $0.00 no 1 week ago 019d5666-e916-7246-acfd-c2f7d6ef4d74
medium codex Delayed ERC20 withdrawals clear user claims before confirming token delivery 0x29353f77c6b0d3772d73e708cc8e1fca08c80c11 $0.00 no 1 week ago 019d5666-e916-7246-acfd-c2f7d6ef4d74
low codex `CommunityLocker.setGasPrice` accepts arbitrary caller-supplied oracle values 0x29353f77c6b0d3772d73e708cc8e1fca08c80c11 $0.00 no 1 week ago 019d5666-e916-7246-acfd-c2f7d6ef4d74
high codex Fee-on-transfer collateral tokens let users over-withdraw from pooled escrow 0x6ac64c4760e0590f88233b2046810e87e0354324 $0.00 no 1 week ago 019d5666-ddb2-7138-a85b-4026ca2b3eec
high codex Owner can de-whitelist an active collateral token and withdraw funds backing live positions 0x6ac64c4760e0590f88233b2046810e87e0354324 $0.00 no 1 week ago 019d5666-ddb2-7138-a85b-4026ca2b3eec