|
high
|
detector |
Untrusted CALL target/value reachable |
0x56534741cd8b152df6d48adf7ac51f75169a83b2
|
$11,335,144.07 |
no
|
no
|
3 months ago
|
019ba5f9-b6da-72ed-9a38-1b56b92b95e4
|
|
high
|
detector |
Untrusted CALL target/value reachable |
0xf56eb5350306233247aa7d477e1a1116dd2c29ca
|
$14,303,288.16 |
no
|
no
|
3 months ago
|
019ba5f9-b6d3-71f7-bc02-e70d180340b6
|
|
high
|
detector |
ETH value transfer possible |
0xf56eb5350306233247aa7d477e1a1116dd2c29ca
|
$14,303,288.16 |
no
|
no
|
3 months ago
|
019ba5f9-b6d3-71f7-bc02-e70d180340b6
|
|
high
|
detector |
Authorization based on tx.origin |
0xf650c3d88d12db855b8bf7d11be6c55a4e07dcc9
|
$22,351,045.22 |
no
|
—
|
3 months ago
|
019ba5f6-a893-71b3-8758-7f80272744b9
|
|
high
|
detector |
Untrusted DELEGATECALL target reachable |
0xf650c3d88d12db855b8bf7d11be6c55a4e07dcc9
|
$22,351,045.22 |
no
|
no
|
3 months ago
|
019ba5f6-a893-71b3-8758-7f80272744b9
|
|
high
|
detector |
ETH value transfer possible |
0x0d424072d658e6abd92c36f8fc16fd6479ae15a0
|
$0.00 |
no
|
no
|
3 months ago
|
019ba5f6-45b4-701b-bb72-db3dec8c9eac
|
|
high
|
detector |
Untrusted CALL target/value reachable |
0x0d424072d658e6abd92c36f8fc16fd6479ae15a0
|
$0.00 |
no
|
no
|
3 months ago
|
019ba5f6-45b4-701b-bb72-db3dec8c9eac
|
|
high
|
detector |
Untrusted CALL target/value reachable |
0x0d424072d658e6abd92c36f8fc16fd6479ae15a0
|
$0.00 |
no
|
no
|
3 months ago
|
019ba5f5-e388-7187-9ffd-b290d1eaa4ca
|
|
high
|
detector |
ETH value transfer possible |
0x0d424072d658e6abd92c36f8fc16fd6479ae15a0
|
$0.00 |
no
|
no
|
3 months ago
|
019ba5f5-e388-7187-9ffd-b290d1eaa4ca
|
|
high
|
detector |
Untrusted CALL target/value reachable |
0x0d424072d658e6abd92c36f8fc16fd6479ae15a0
|
$0.00 |
no
|
no
|
3 months ago
|
019ba5f5-1e3a-72a6-9898-ffec20c6ddaa
|
|
high
|
detector |
ETH value transfer possible |
0x0d424072d658e6abd92c36f8fc16fd6479ae15a0
|
$0.00 |
no
|
no
|
3 months ago
|
019ba5f5-1e3a-72a6-9898-ffec20c6ddaa
|
|
high
|
detector |
Untrusted CALL target/value reachable |
0x0d424072d658e6abd92c36f8fc16fd6479ae15a0
|
$0.00 |
no
|
no
|
3 months ago
|
019ba5f4-3880-71f1-ad93-a69baec12399
|
|
high
|
detector |
ETH value transfer possible |
0x0d424072d658e6abd92c36f8fc16fd6479ae15a0
|
$0.00 |
no
|
no
|
3 months ago
|
019ba5f4-3880-71f1-ad93-a69baec12399
|
|
high
|
detector |
ETH value transfer possible |
0x01a360392c74b5b8bf4973f438ff3983507a06a2
|
$0.00 |
no
|
—
|
3 months ago
|
019ba5d9-ec42-72c8-b7dd-81d14268b827
|
|
high
|
detector |
Untrusted CALL target/value reachable |
0x01a360392c74b5b8bf4973f438ff3983507a06a2
|
$0.00 |
no
|
—
|
3 months ago
|
019ba5d9-ec42-72c8-b7dd-81d14268b827
|
|
high
|
detector |
Untrusted CALL target/value reachable |
0x01a360392c74b5b8bf4973f438ff3983507a06a2
|
$0.00 |
no
|
—
|
3 months ago
|
019ba5ca-c76c-70ca-84e9-fa93b92bff9d
|
|
high
|
detector |
ETH value transfer possible |
0x01a360392c74b5b8bf4973f438ff3983507a06a2
|
$0.00 |
no
|
—
|
3 months ago
|
019ba5ca-c76c-70ca-84e9-fa93b92bff9d
|
|
high
|
codex |
Unprotected reinitializer lets anyone set liquidityBuffer |
0xe3cbd06d7dadb3f4e6557bab7edd924cd1489e8f
|
$51,130,652.31 |
no
|
—
|
3 months ago
|
019ba5ca-c41d-73c2-8d74-6b616da61ddb
|
|
high
|
detector |
ETH value transfer possible |
0x0d424072d658e6abd92c36f8fc16fd6479ae15a0
|
$0.00 |
no
|
—
|
3 months ago
|
019ba5b8-2038-72ea-aa59-bde74b3dad8c
|
|
high
|
detector |
Untrusted CALL target/value reachable |
0x0d424072d658e6abd92c36f8fc16fd6479ae15a0
|
$0.00 |
no
|
—
|
3 months ago
|
019ba5b8-2038-72ea-aa59-bde74b3dad8c
|
|
high
|
detector |
ETH value transfer possible |
0x0d424072d658e6abd92c36f8fc16fd6479ae15a0
|
$0.00 |
no
|
—
|
3 months ago
|
019ba598-8a93-7204-9d8e-6a2a8fa9edf9
|
|
high
|
detector |
Untrusted CALL target/value reachable |
0x0d424072d658e6abd92c36f8fc16fd6479ae15a0
|
$0.00 |
no
|
—
|
3 months ago
|
019ba598-8a93-7204-9d8e-6a2a8fa9edf9
|
|
high
|
detector |
ETH value transfer possible |
0x0d424072d658e6abd92c36f8fc16fd6479ae15a0
|
$0.00 |
no
|
—
|
3 months ago
|
019ba594-52b2-71c7-b71a-6d2c6fdf1ca1
|
|
high
|
detector |
Untrusted CALL target/value reachable |
0x0d424072d658e6abd92c36f8fc16fd6479ae15a0
|
$0.00 |
no
|
—
|
3 months ago
|
019ba594-52b2-71c7-b71a-6d2c6fdf1ca1
|
|
high
|
codex |
Unrestricted arbitrary external call can drain ERC20/NFT balances |
0xf90bbf5d9bcf95ce5aa5c28ce175541a288b599c
|
$323,395.10 |
no
|
—
|
3 months ago
|
2a747c42-952c-4cd7-b048-b6a4a5a55726
|
|
high
|
codex |
Public initializer enables ownership takeover when uninitialized |
0x2d662361a828e67cd29b4070aad8c6914dc3309e
|
$387,500.00 |
no
|
—
|
3 months ago
|
c96090a4-5167-4be1-9f51-f3571b1b9bb9
|
|
high
|
codex |
Unrestricted batch transfer drains contract-held tokens |
0xb54ca24ac19098db42454c8ee8df67d260a22b1e
|
$930,031.00 |
no
|
—
|
3 months ago
|
b1bfdf89-3608-4fd0-b514-11fbacdbd4cd
|
|
high
|
codex |
Unprotected initializer allows attacker to set recipient and sweep ERC20 balances |
0x0a7d5c98d8b83bf36700c1c2fa03b3f10d1df2e8
|
$0.00 |
no
|
—
|
3 months ago
|
f3e7c777-190e-4408-a4ce-7e7b7bb1ab2c
|
|
high
|
codex |
Unprotected lazyInit lets attacker become host and drain treasury if uninitialized |
0x85db6688de2c47c8acd5c4dff804e6d5740790e3
|
$115,675.14 |
no
|
—
|
3 months ago
|
a9587494-c8ca-4fe1-bb88-33128e0a544a
|
|
high
|
codex |
Sold keys still count toward lucky pot distribution, enabling pot drain after selling |
0xb453b2c67d70f1e19ce770296c7d2f35cb7cdfd8
|
$118,075.89 |
no
|
—
|
3 months ago
|
7fb51998-f809-4e92-b921-e783e72a0f6f
|
|
high
|
codex |
Predictable airdrop RNG enables deterministic wins and draining airDropPot_ via constructor calls |
0xf5fe6b716c0cd0e88059d8b3d8385c086012eb0e
|
$118,219.32 |
no
|
—
|
3 months ago
|
dc383973-a9df-4d52-9ed4-f43a225cee09
|
|
high
|
codex |
Per-Bloot mint cap bypass via balance-based check enables full supply capture |
0x45c3844dea2e9fe9226524411de6d907188a1a9f
|
$128,650.00 |
no
|
—
|
3 months ago
|
832463d7-9e93-4b74-bdd3-6d4bfa44b44d
|
|
high
|
codex |
Unprotected initialize enables ownership takeover on uninitialized deployments |
0xe5feb62fb34adba661b7c8256887a8b9a21c2278
|
$0.00 |
no
|
—
|
3 months ago
|
0b21ba73-c1f6-4b4c-8e29-104ce6180cba
|
|
high
|
codex |
Public buyback swaps all Whirlpool ETH with amountOutMin=0, enabling price manipulation to drain ETH |
0x6db1c1b318275df254bb47c63e7f316380baf4be
|
$131,959.27 |
no
|
—
|
3 months ago
|
e6e1ae89-f441-48e7-a685-909fe0510b83
|
|
high
|
codex |
Reentrant getMyReward drains rewardAccount |
0xbb9bc244d798123fde783fcc1c72d3bb8c189413
|
$142,099.48 |
no
|
—
|
3 months ago
|
839a0dce-7e4a-416f-a10e-f6ca70c4e5cb
|
|
high
|
codex |
Reentrant refund drains all funds if token creation fails |
0xbb9bc244d798123fde783fcc1c72d3bb8c189413
|
$142,099.48 |
no
|
—
|
3 months ago
|
839a0dce-7e4a-416f-a10e-f6ca70c4e5cb
|
|
high
|
codex |
Publicly callable constructor-like function enables arbitrary minting |
0xb6307611c06c57257ee2ad83beed39cc6650163e
|
$212,009.00 |
no
|
—
|
3 months ago
|
cb735c6e-3195-4e92-b44b-e34ec97fa506
|
|
high
|
codex |
Unprotected governance token initialization lets attacker become minter and drain DAO ETH |
0x4f40e2f1edf9999124b2fcf26b04821e6ca7196d
|
$0.00 |
no
|
—
|
3 months ago
|
ff7f23a9-503b-490f-a989-b437a8f79cd7
|
|
high
|
codex |
Unprotected setup allows takeover of uninitialized Safe instances |
0xb6029ea3b2c51d09a50b53ca8012feeb05bda35a
|
$0.00 |
no
|
—
|
3 months ago
|
506a7469-4239-458c-8123-daf2bff25e39
|
|
high
|
codex |
AutoBoost reserve burn enables ETH‑neutral buy/sell loops that ratchet price upward |
0xc618d56b6d606e59c6b87af724ab5a91eb40d1cb
|
$281,927.44 |
no
|
—
|
3 months ago
|
b84cc237-c90a-4d2a-a39b-3b8b6f7bf892
|
|
high
|
codex |
Share inflation via donation + rounding-to-zero lets attacker steal later deposits |
0xa6b658ce4b1cdb4e7d8f97dffb549b8688cafb84
|
$282,664.20 |
no
|
—
|
3 months ago
|
4a24a7a8-fa98-4282-90e6-77d327527635
|
|
high
|
codex |
Unprotected initializer lets attacker seize ownership and drain an uninitialized WorkLockPoolingContract |
0xb9a42d02300f71ca23a100864fef2d5f82f7f833
|
$0.00 |
no
|
—
|
3 months ago
|
b00078b8-5707-459e-bc53-8181625ba80b
|
|
high
|
codex |
Late-buy launch-fund sniping allows capture of accumulated prelaunch dividends |
0xe01e2a3ceafa8233021fc759e5a69863558326b6
|
$327,031.26 |
no
|
—
|
3 months ago
|
2265ad84-b13f-4a4d-8194-e5ed07374046
|
|
high
|
codex |
Settler can mint WOLK to self in settleSeller without balance debit, then drain ETH via sellWolk |
0x728781e75735dc0962df3a51d7ef47e798a7107e
|
$332,552.87 |
no
|
—
|
3 months ago
|
5483ecc5-bdc1-4a5d-b18c-7e50f97f968e
|
|
high
|
codex |
Phantom ERC20 deposits enable trading fake balances for real assets |
0x373c55c277b866a69dc047cad488154ab9759466
|
$382,415.50 |
no
|
—
|
3 months ago
|
58a5a56b-8358-4516-9f42-50181b41b98b
|
|
high
|
codex |
Uncapped vesting math lets a payee drain all funds after vesting completes |
0x02874867a6d48713d9cf275b7324b790e9c1f7ee
|
$381,502.31 |
no
|
—
|
3 months ago
|
c9e2ed6f-0694-4735-963b-c9651c1e9ab6
|
|
high
|
codex |
Arbitrary caller can drain any existing allowance by crafting grants |
0x27321f84704a599ab740281e285cc4463d89a3d5
|
$726,697.96 |
no
|
—
|
3 months ago
|
99652185-f97f-481e-ba06-fdb49250a93c
|
|
high
|
codex |
Unprotected Chainlink feed initialization enables malicious oracle and governance takeover to drain ETH |
0x6f6e72033ca61c3e5f8b3dbdf85a53ad0a736ed5
|
$0.00 |
no
|
—
|
3 months ago
|
d7018378-90c4-46b6-a672-58cf2cad3803
|
|
high
|
codex |
Flash-loan price manipulation drains ETH via zero-slippage publicSwap |
0xaba513097f04d637727fdcda0246636e0d5d6833
|
$1,079,543.20 |
no
|
—
|
3 months ago
|
97cd6cda-535b-4091-acff-4edb553a0399
|
|
high
|
codex |
Share inflation via direct donations lets the first depositor steal later deposits |
0x35ffd6e268610e764ff6944d07760d0efe5e40e5
|
$1,385,920.03 |
no
|
—
|
3 months ago
|
fb399128-ba48-4197-80c8-ca2078ffb9c9
|