TW
Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings
2,205
crit 60 high 1157
All Findings
46,184
Across all runs
Chain
1
Mainnet focus
Signal Mix
24239
high severity in results
Findings
filter + triage
Reset
Quick filters: candidate lane confirmed only critical high detector codex
Severity Tool Title Address Value USD Validated Confirmed Found Run
high detector Untrusted CALL target/value reachable 0x34deff97889f3a6a483e3b9255cafcb9a6e03588 $55,492.91 no no 3 months ago 019bb004-7ab9-73fd-9028-3e51a75dab77
high detector ETH value transfer possible 0x34deff97889f3a6a483e3b9255cafcb9a6e03588 $55,492.91 no no 3 months ago 019bb004-7ab9-73fd-9028-3e51a75dab77
high detector Authorization based on tx.origin 0xa1559cb92445cd39e3f8f16c3574e99850bc7b7d $55,529.41 no 3 months ago 019bb004-7aaa-7101-90e3-70d09190c5dd
high detector Authorization based on tx.origin 0xecb55b39adb7c166ccab4ccb77463ded1d201de4 $55,577.52 no 3 months ago 019bb004-7a88-71a8-a984-b890b5639b62
high codex Computed DELEGATECALL target reachable (arbitrary code execution risk) 0x6c6210232654a5b57a576f9b4434f36e0b5d3768 $0.00 no 3 months ago 019bab3e-55f8-7003-b95c-b596b34c2a96
high codex Old committee members remain authorized after rotation 0x49643fc85fb1f25b6775ebbbdc69295d45105abc $0.00 no 3 months ago 019bab3d-f2be-72f8-a06f-15a39da6a9c7
high slither TimelockController._execute(address,uint256,bytes) (lib/openzeppelin-contracts/contracts/governance/TimelockController.sol#412-415) sends eth to arbitrary user 0xc1c5b18774d0282949331b719b5ea4a21cbc62c8 $0.00 no 3 months ago 019bab3d-c746-7355-af08-a01c5cba9495
high slither VaultLib.processor(address[],uint256[],bytes[]) (src/library/VaultLib.sol#319-336) sends eth to arbitrary user 0xc1c5b18774d0282949331b719b5ea4a21cbc62c8 $0.00 no 3 months ago 019bab3d-c746-7355-af08-a01c5cba9495
high codex processAccounting ignores buffer/strategy assets, enabling share price manipulation 0xc1c5b18774d0282949331b719b5ea4a21cbc62c8 $0.00 no 3 months ago 019bab3d-c746-7355-af08-a01c5cba9495
high codex CALLCODE to computed target enables storage/context corruption 0x62c9e5e52351e02635f48072fa20c03bb650f787 $0.00 no 3 months ago 019bab3d-a735-71f5-99d9-235223139c05
high codex Unrestricted initializer allows takeover of uninitialized AToken instance/proxy 0x6faee7aac498326660ac2b7207b9f67666073111 $0.00 no 3 months ago 019bab3d-a126-71a9-ba02-d6d1d782d905
high codex Unprotected initializer can be hijacked to take ownership 0xb0d6eed90f8e497b867f557c44a49c8c81fa0a5d $0.00 no 3 months ago 019bab3c-acf0-7088-b150-fa883a5349a3
high codex Admin rescueAssets can withdraw unclaimed exit assets once vault is uncollateralized 0x927a83c679a5e1a6435d6bfaef7f20d4db23e2cc $0.00 no 3 months ago 019bab3c-4a33-7098-9325-ebfbff005bf9
high codex SNARK verification can be bypassed via tx.origin backdoor 0xb157dc78c2815280906a6730984a5e0dca65e247 $0.00 no 3 months ago 019bab3c-03ac-7154-aa8e-81b80b4bfd3c
high slither Reentrancy in TimelockControllerUpgradeable.executeBatch(address[],uint256[],bytes[],bytes32,bytes32) (@openzeppelin/contracts-upgradeable/governance/TimelockControllerUpgradeab... 0x8d1fa828e0b99f2cd9bec6c51ff11e97b502db8a $0.00 no 3 months ago 019bab3b-fcd0-7290-bd8b-dd7b4bf015df
high slither TimelockControllerUpgradeable._execute(address,uint256,bytes) (@openzeppelin/contracts-upgradeable/governance/TimelockControllerUpgradeable.sol#348-355) sends eth to arbitrary user 0x8d1fa828e0b99f2cd9bec6c51ff11e97b502db8a $0.00 no 3 months ago 019bab3b-fcd0-7290-bd8b-dd7b4bf015df
high codex Unprotected initializer allows timelock takeover if proxy not initialized 0x8d1fa828e0b99f2cd9bec6c51ff11e97b502db8a $0.00 no 3 months ago 019bab3b-fcd0-7290-bd8b-dd7b4bf015df
high detector Untrusted CALL target/value reachable 0xb468ab08385c42b086cf487ad4f1821a18ee714f $0.00 no no 3 months ago 019bab3e-9728-735c-874d-13bc5911ad95
high detector ETH value transfer possible 0xb468ab08385c42b086cf487ad4f1821a18ee714f $0.00 no no 3 months ago 019bab3e-9728-735c-874d-13bc5911ad95
high detector Untrusted DELEGATECALL target reachable 0x6c6210232654a5b57a576f9b4434f36e0b5d3768 $0.00 no no 3 months ago 019bab3e-55f8-7003-b95c-b596b34c2a96
high detector ETH value transfer possible 0x7e1240ae716041f6440303c7b1909f3704650f1b $0.00 no no 3 months ago 019bab3e-3e2c-716e-9047-9267e7c0387f
high detector Untrusted CALL target/value reachable 0x7e1240ae716041f6440303c7b1909f3704650f1b $0.00 no no 3 months ago 019bab3e-3e2c-716e-9047-9267e7c0387f
high codex DELEGATECALL to external target (proxy-like risk) 0x06291eee038e94e8dec2b3bfb6e030c0b5615506 $56,236.72 no 3 months ago 019bab3b-ac85-70a7-83ce-dfd718c375d8
high codex Delegatecall to computed target enables arbitrary code execution if reachable 0x95fe5961368664c3da8879d7542149ddf0738d82 $56,641.81 no 3 months ago 019bab3b-ac6c-7220-8780-0b3cf4eedfd4
high codex Retired committee members remain authorized to process requests 0xf2139f5c8afb8a4d64084efc5532830774742830 $56,780.96 no 3 months ago 019bab3b-ac5a-722f-b716-e6968b11ca70
high detector ETH value transfer possible 0x49643fc85fb1f25b6775ebbbdc69295d45105abc $0.00 no no 3 months ago 019bab3d-f2be-72f8-a06f-15a39da6a9c7
high detector Untrusted CALL target/value reachable 0x49643fc85fb1f25b6775ebbbdc69295d45105abc $0.00 no no 3 months ago 019bab3d-f2be-72f8-a06f-15a39da6a9c7
high slither Staking.deposit(uint256) (contracts/Contract.sol#1272-1300) ignores return value by ABR.transferFrom(msg.sender,address(this),_amount) (contracts/Contract.sol#1297-1300) 0xd5d6b2f2d7a7506c49bb0cb6fb39a67f065d6fc4 $56,793.75 no 3 months ago 019bab3b-ac52-71c2-b78b-846cf73d1ca2
high slither Reentrancy in Bridge.removeToken(bytes4,bytes32,address) (contracts/Contract.sol#1620-1646): 0xd5d6b2f2d7a7506c49bb0cb6fb39a67f065d6fc4 $56,793.75 no 3 months ago 019bab3b-ac52-71c2-b78b-846cf73d1ca2
high slither Staking.withdraw(uint256) (contracts/Contract.sol#1300-1310) ignores return value by ABR.transfer(msg.sender,what) (contracts/Contract.sol#1309-1310) 0xd5d6b2f2d7a7506c49bb0cb6fb39a67f065d6fc4 $56,793.75 no 3 months ago 019bab3b-ac52-71c2-b78b-846cf73d1ca2
high slither Bridge.removeToken(bytes4,bytes32,address) (contracts/Contract.sol#1620-1646) sends eth to arbitrary user 0xd5d6b2f2d7a7506c49bb0cb6fb39a67f065d6fc4 $56,793.75 no 3 months ago 019bab3b-ac52-71c2-b78b-846cf73d1ca2
high detector Authorization based on tx.origin 0xc1c5b18774d0282949331b719b5ea4a21cbc62c8 $0.00 no 3 months ago 019bab3d-c746-7355-af08-a01c5cba9495
high detector Untrusted DELEGATECALL target reachable 0xc1c5b18774d0282949331b719b5ea4a21cbc62c8 $0.00 no no 3 months ago 019bab3d-c746-7355-af08-a01c5cba9495
high slither Reentrancy in DividendPayingToken._withdrawDividendOfUser(address) (contracts/DividendPayingToken.sol#86-95): 0x456fa3183d33497b290a3d24b98ddbc902ae1da5 $57,078.35 no 3 months ago 019bab3b-ac0d-70eb-9589-3835283d1f66
high slither Reentrancy in FetchInuDividendTracker.process(uint256) (contracts/FetchInuDividendTracker.sol#156-201): 0x456fa3183d33497b290a3d24b98ddbc902ae1da5 $57,078.35 no 3 months ago 019bab3b-ac0d-70eb-9589-3835283d1f66
high codex Computed-target DELEGATECALL allows code execution in caller storage if user-controlled 0x60330141cf5911c14cdb400b7ad400b3c3dfdc7a $57,113.10 no 3 months ago 019bab3b-abf8-72ed-bfa4-d886cd417463
high detector Untrusted CALL target/value reachable 0x62c9e5e52351e02635f48072fa20c03bb650f787 $0.00 no no 3 months ago 019bab3d-a735-71f5-99d9-235223139c05
high detector ETH value transfer possible 0x62c9e5e52351e02635f48072fa20c03bb650f787 $0.00 no no 3 months ago 019bab3d-a735-71f5-99d9-235223139c05
high slither InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a... 0xd35f648c3c7f17cd1ba92e5eac991e3efcd4566d $57,269.11 no 3 months ago 019bab3b-abf1-7097-9d2d-1e8607143abe
high detector Authorization based on tx.origin 0x6faee7aac498326660ac2b7207b9f67666073111 $0.00 no 3 months ago 019bab3d-a126-71a9-ba02-d6d1d782d905
high detector Untrusted CALL target/value reachable 0x677ecf96dbfee1defbde8d2e905a39f73aa27b89 $0.00 no no 3 months ago 019bab3d-7dae-718a-bd33-ed21b428c9ba
high detector ETH value transfer possible 0x677ecf96dbfee1defbde8d2e905a39f73aa27b89 $0.00 no no 3 months ago 019bab3d-7dae-718a-bd33-ed21b428c9ba
high slither FeeManager.claimFee(uint256) (contracts/Contract.sol#154-167) sends eth to arbitrary user 0xe87227adf0fd3f6e580e2825069a0f8e8da66ad0 $58,131.70 no 3 months ago 019bab3b-ab99-71b5-b7c5-de651f85934f
high slither DragonCurve.refund(uint256) (src/DragonCurve.sol#156-161) sends eth to arbitrary user 0x000000000000c94ed90488d3ac687a2673c2b6fb $58,170.88 no 3 months ago 019bab3b-ab92-73e3-a078-3ec5304af404
high slither DragonCurve.refundFrom(address,uint256) (src/DragonCurve.sol#162-172) sends eth to arbitrary user 0x000000000000c94ed90488d3ac687a2673c2b6fb $58,170.88 no 3 months ago 019bab3b-ab92-73e3-a078-3ec5304af404
high detector Untrusted CALL target/value reachable 0xd9537f37fb0c7c6219b1d929688d4553d7735fdc $0.00 no no 3 months ago 019bab3d-3c25-70db-987e-c40123e1a189
high detector ETH value transfer possible 0xd9537f37fb0c7c6219b1d929688d4553d7735fdc $0.00 no no 3 months ago 019bab3d-3c25-70db-987e-c40123e1a189
high slither Plague.feeWithdraw() (contracts/Contract.sol#553-571) sends eth to arbitrary user 0xf317a365cfef0aa4357abd057048808a1d430402 $58,424.26 no 3 months ago 019bab3b-ab84-72af-bef3-c28e12418fef
high detector ETH value transfer possible 0x75161367fcac81482706d119ceedf8ef9a26fb8b $0.00 no no 3 months ago 019bab3d-2204-73f2-9818-d5b32a5fa050
high detector Untrusted CALL target/value reachable 0x75161367fcac81482706d119ceedf8ef9a26fb8b $0.00 no no 3 months ago 019bab3d-2204-73f2-9818-d5b32a5fa050