TW
Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings
2,205
crit 60 high 1157
All Findings
46,184
Across all runs
Chain
1
Mainnet focus
Signal Mix
24239
high severity in results
Findings
filter + triage
Reset
Quick filters: candidate lane confirmed only critical high detector codex
Severity Tool Title Address Value USD Validated Confirmed Found Run
high cast SELFDESTRUCT present 0x5018cc0d628fb322b2a040cfcd269a36c60b1538 $0.00 no 2 months ago 019c0eac-1141-73a4-bb86-3f06ad5c30a9
high codex Initializer is publicly callable, enabling admin takeover if proxy is left uninitialized 0xfcf8eda095e37a41e002e266daad7efc1579bc0a $43,190.99 no 2 months ago 019c0ea9-0991-73a8-9d8e-2bfc551e719c
high codex Orders are unauthenticated, allowing relays to execute arbitrary trades or penalties against any trader 0xfca6a62a11cd75ef6506c4973a67c5b2a3d8915f $43,264.41 no 2 months ago 019c0ea9-0976-7128-8854-e104b5d873b5
high detector ETH value transfer possible 0x4a1dc57d949db46a456d0104f437ed87ee24422f $0.00 no no 2 months ago 019c0eab-c14a-7068-a5b7-e9885803d0b8
high detector Untrusted CALL target/value reachable 0x4a1dc57d949db46a456d0104f437ed87ee24422f $0.00 no no 2 months ago 019c0eab-c14a-7068-a5b7-e9885803d0b8
high codex Multi-bridge transfers do not enforce payload consistency across adapters 0xb0614316d1f45a5da4b09b198cb6cd8fb44bb47b $43,396.86 no 2 months ago 019c0ea9-0954-73b5-b34f-d86eee9f9728
high slither SimpleERC20Escrow.pay(address,uint256) (contracts/Contract.sol#34-38) ignores return value by token.transfer(recipient,amount) (contracts/Contract.sol#37-38) 0xd01159af63c39ef4de125ac3baa940893e8009cd $43,400.00 no 2 months ago 019c0ea9-094d-71d5-afa7-e616ff0989ab
high codex Unprotected initialize allows hostile takeover of escrow market 0xd01159af63c39ef4de125ac3baa940893e8009cd $43,400.00 no 2 months ago 019c0ea9-094d-71d5-afa7-e616ff0989ab
high detector SELFDESTRUCT reachable 0xc06053fcad0a0df7cc32289a135bbea9030c010f $0.00 no no 2 months ago 019c0eab-909f-728c-9614-1375a52b5654
high detector Untrusted CALL target/value reachable 0xc06053fcad0a0df7cc32289a135bbea9030c010f $0.00 no no 2 months ago 019c0eab-909f-728c-9614-1375a52b5654
high detector ETH value transfer possible 0xc06053fcad0a0df7cc32289a135bbea9030c010f $0.00 no no 2 months ago 019c0eab-909f-728c-9614-1375a52b5654
high cast SELFDESTRUCT present 0xc06053fcad0a0df7cc32289a135bbea9030c010f $0.00 no 2 months ago 019c0eab-909f-728c-9614-1375a52b5654
high detector Untrusted DELEGATECALL target reachable 0x69b98667134eee3ebf75799dacbcd604e28709ab $0.00 yes yes 2 months ago 019c0eab-8298-737d-bd4e-4f8fa55370b4
high detector Authorization based on tx.origin 0x69b98667134eee3ebf75799dacbcd604e28709ab $0.00 no 2 months ago 019c0eab-8298-737d-bd4e-4f8fa55370b4
high slither Pool.safeRewardTransfer(address,uint256) (contracts/Contract.sol#1269-1276) ignores return value by rewardToken.transfer(_to,_amount) (contracts/Contract.sol#1273-1276) 0x8ba5325a98147d67e5ee09bb0273194c68512612 $43,534.33 no 2 months ago 019c0ea9-0936-7262-bcf9-9ef5de23bf57
high slither Pool.safeRewardTransfer(address,uint256) (contracts/Contract.sol#1269-1276) ignores return value by rewardToken.transfer(_to,balance) (contracts/Contract.sol#1272-1273) 0x8ba5325a98147d67e5ee09bb0273194c68512612 $43,534.33 no 2 months ago 019c0ea9-0936-7262-bcf9-9ef5de23bf57
high codex Pool can be permanently bricked after endBlock due to underflow in reward calculation 0x8ba5325a98147d67e5ee09bb0273194c68512612 $43,534.33 no 2 months ago 019c0ea9-0936-7262-bcf9-9ef5de23bf57
high codex Oracle price used without freshness/validity checks enables share mispricing 0x3a43aec53490cb9fa922847385d82fe25d0e9de7 $43,555.55 no 2 months ago 019c0ea9-0919-70a6-b4c7-3e776897cc66
high detector ETH value transfer possible 0xf59c19eb032ff3301b6695b58303470a79098771 $0.00 no no 2 months ago 019c0eab-5d2a-7148-a859-77ddcfaad2fb
high detector Untrusted CALL target/value reachable 0xf59c19eb032ff3301b6695b58303470a79098771 $0.00 no no 2 months ago 019c0eab-5d2a-7148-a859-77ddcfaad2fb
high slither FlashBotsMultiCall.uniswapWeth(uint256,uint256,address[],bytes[]) (contracts/Contract.sol#50-71) ignores return value by WETH.transfer(_targets[0],_wethAmountToFirstMarket) (con... 0xc35d77d25d81be78ad60ce14fea7c92d438782e3 $43,570.25 no 2 months ago 019c0ea9-0913-71a5-94ad-a630aa874b8f
high detector ETH value transfer possible 0x9c3a4329ff26934b04312162f83c8f69d52aa060 $0.00 no no 2 months ago 019c0eab-4fce-73b8-bbdb-0d0d0ffdf301
high detector Untrusted CALL target/value reachable 0x9c3a4329ff26934b04312162f83c8f69d52aa060 $0.00 no no 2 months ago 019c0eab-4fce-73b8-bbdb-0d0d0ffdf301
high detector ETH value transfer possible 0xd3f582f6b4814e989ee8e96bc3175320b5a540ab $0.00 no no 2 months ago 019c0eab-41f8-709b-a0d5-a4b9b6478fe1
high detector Untrusted CALL target/value reachable 0xd3f582f6b4814e989ee8e96bc3175320b5a540ab $0.00 no no 2 months ago 019c0eab-41f8-709b-a0d5-a4b9b6478fe1
high codex Authorization relies on tx.origin 0xde527099f9ecf94a67bc94c676694453f6bda781 $43,810.73 no 2 months ago 019c0ea9-08e3-7163-96ac-fbbb435f09e3
high codex Proposal hash omits assetId, enabling cross-asset replay within the same vault 0x99571e95db76b5cbc986ad1044ac73a0a7a09e28 $43,892.15 no 2 months ago 019c0ea9-08cc-7154-a38a-1d2d33f60a5c
high slither TokenDistributor.emergencyExecute(address,bytes) (contracts/distribution/TokenDistributor.sol#306-319) uses delegatecall to a input-controlled function id 0x1ca2007a81f8a7491bb6e11d8e357fd810896454 $44,058.05 no 2 months ago 019c0ea9-08b4-71da-b1cb-0a3294685f27
high codex Authorization relies on tx.origin 0xbf96042d61937b1686b81557c3a92806f1727ecf $44,386.81 no 2 months ago 019c0ea9-0840-7237-af59-7bfbb24d83fa
high detector ETH value transfer possible 0xeda4c4067bdd708bb75ac620e1e2215a747a1f39 $0.00 no no 2 months ago 019c0eaa-46e2-714b-a04f-a45cdb834d69
high detector Untrusted CALL target/value reachable 0xeda4c4067bdd708bb75ac620e1e2215a747a1f39 $0.00 no no 2 months ago 019c0eaa-46e2-714b-a04f-a45cdb834d69
high codex Computed DELEGATECALL target reachable (potential arbitrary code execution) 0xe63dc0b48fd13c888661bfb30d7069823f967f03 $44,592.73 no 2 months ago 019c0ea9-080e-72a0-9742-9404d6ac7052
high detector Untrusted CALL target/value reachable 0x52af16664155608b845be18aa29620ebf6ea2d3a $0.00 no no 2 months ago 019c0eaa-264c-7262-abcd-2f5c9d2c4512
high detector ETH value transfer possible 0x52af16664155608b845be18aa29620ebf6ea2d3a $0.00 no no 2 months ago 019c0eaa-264c-7262-abcd-2f5c9d2c4512
high codex `fusionPartTwo` is publicly callable and bypasses fusion checks/interval 0x3d3097cd94fec5dc823e5025a59438e63757dc79 $44,677.61 no 2 months ago 019c0ea9-07f4-701b-ab0c-54bbd630ab82
high detector Untrusted CALL target/value reachable 0x438285fbccba55ce8cdef276030e6b35a0b65b6b $0.00 no no 2 months ago 019c0eaa-1573-73c9-bdcd-698f810a9fbd
high detector ETH value transfer possible 0x438285fbccba55ce8cdef276030e6b35a0b65b6b $0.00 no no 2 months ago 019c0eaa-1573-73c9-bdcd-698f810a9fbd
high detector ETH value transfer possible 0x36d7b81fa45e6453d9a3f9be0829817c8a5f5d1b $0.00 no no 2 months ago 019c0ea9-f67b-73b7-80e6-a5d6cba42ff4
high detector Untrusted CALL target/value reachable 0x36d7b81fa45e6453d9a3f9be0829817c8a5f5d1b $0.00 no no 2 months ago 019c0ea9-f67b-73b7-80e6-a5d6cba42ff4
high detector ETH value transfer possible 0x46c64c1630f320b890d765e7c6f901574924b0c7 $0.00 no no 2 months ago 019c0ea9-f016-739a-ad4f-c89570e9c08b
high detector Untrusted CALL target/value reachable 0x46c64c1630f320b890d765e7c6f901574924b0c7 $0.00 no no 2 months ago 019c0ea9-f016-739a-ad4f-c89570e9c08b
high codex Nonce marked after external call allows reentrant replay of the same signed transaction 0x4d307525b22897ca07af7e34079397f3d7ae60a2 $44,850.97 no 2 months ago 019c0ea9-07c1-72fc-b499-c22be17f1945
high detector ETH value transfer possible 0x43ffaa65fe273d2ef9edd78418091d41b1aa40e8 $0.00 no no 2 months ago 019c0ea9-e9be-73c6-a611-a0ba6ee4b415
high detector Untrusted CALL target/value reachable 0x43ffaa65fe273d2ef9edd78418091d41b1aa40e8 $0.00 no no 2 months ago 019c0ea9-e9be-73c6-a611-a0ba6ee4b415
high codex Relayer refund can be reentered before balance reset, enabling repeated refunds 0x50c02710b06d6addb864d6b038010ef6fa1bcd92 $44,959.89 no 2 months ago 019c0ea9-07b9-70a2-acc1-0b6c38a3ac98
high detector Untrusted DELEGATECALL target reachable 0x965983977c29158ec53a296a6f47be145ddecc36 $0.00 no no 2 months ago 019c0ea9-e35a-710a-b93e-e2ba664180fb
high slither OwnbitMultiSig.spend(address,uint256,uint8[],bytes32[],bytes32[],bytes) (contracts/Contract.sol#116-123) sends eth to arbitrary user 0xb916796bacee1d6553b86ae05d9dd4c5e8d0b057 $45,017.10 no 2 months ago 019c0ea9-07ab-7229-8ea9-ef5c66ea8236
high codex Unrestricted initialize allows proxy takeover if not initialized atomically 0xad16edcf7deb7e90096a259c81269d811544b6b6 $45,074.25 no 2 months ago 019c0ea9-07a4-7162-9dd3-67d9c56c3671
high detector Authorization based on tx.origin 0x3203e813930bd710043c1d899fe38dd359307352 $0.00 no 2 months ago 019c0ea9-c986-7300-a119-1cc3848d4c55
high slither SpokeGasToken._sendToken(address,uint256) (contracts/spoke/SpokeGasToken.sol#35-38) sends eth to arbitrary user 0xe3b0e4db870aa58a24f87d895c62d3dc5cd05883 $45,288.85 no 2 months ago 019c0ea9-078e-733e-a80c-08acc458ccbe