Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
high codex Initializer callable after constructor enables ownership takeover on non-atomic deployments 0x8cfec459f62055ed3104a577c6613522c10b55c4 $0.00 no 3 months ago b204c673-73d8-4a76-b490-0df979244afc
high codex Withdraw/redeem always revert due to double nonReentrant in yTHOR overrides 0x8793cd69895c45b2d2474236b3cb28fc5c764775 $263,485.84 no 3 months ago 478c0b93-42fb-420f-976c-10c0f10515a8
high codex Unrestricted dispatcher initialize allows arbitrary sub-contract replacement and delegatecall execution 0x8c43c9bec15d82d153c52518030e0a9590abd35d $0.00 no 3 months ago 42220919-1f55-4be2-b0c0-1ee5ef2f8a32
high codex Nested initializer misuse bricks BToken initialization 0xd388b2a8e82df6a6c13a18ea7541df9449880954 $0.00 no 3 months ago df0b54ea-d387-4c94-beee-4819d345c6a5
high codex Privileged arbitrary delegatecall (owner backdoor) 0xe2b8eb988735f7709d08b7d07b41460073904830 $0.00 no 3 months ago 4e22cd5b-4962-4023-b255-f35d5e861e60
high codex Zero-in flashRebalance bypasses strategy validation and allows asset extraction 0xf90bb2baa90b457a35c37c5a96de2720ce367281 $0.00 no 3 months ago a6e01852-b60b-4be8-b0b9-857d2bbf0c58
high codex Nested initializer modifiers brick initialization 0x1ef756da62278f3d43b0994f6e9e276f47a363e8 $0.00 no 3 months ago 14d2a919-005d-46a6-a7b3-489433ee41c1
high codex Public initializer allows post-deployment ownership takeover 0x905d9368cf8a337c420bfb87705d2cdbb4e1c26a $0.00 no 3 months ago 9f165857-e441-49d5-955a-03f4c7445c6c
high codex Packet hashing uses abi.encodePacked with dynamic strings (collision-prone) 0xbdae358dc3b0389a5532d011a8b4098ffda11836 $0.00 no 3 months ago 2b03ce69-6667-4e80-a75c-83ddd1a33fc2
high codex Unprotected one-time admin initialization enables takeover 0x04b28ccf37828978140643525961d20099e63668 $637,572.19 no 3 months ago 6d8fe14b-7be1-4516-b786-7ecb14b9cdbb
high codex Reentrancy during module removal can permanently lock the SetToken 0x07834b06b5756056e065c0bd1639761ab8297513 $1,058,531.93 no 3 months ago 21882865-9b4a-4420-b853-fc947442c2be
high codex Public upgrade initializer allows anyone to set management fee after v1→v2 upgrade 0xc0026e559da7f2d4ee573616c09a8f721fa599bd $0.00 no 3 months ago 08e6a475-e8b8-4f68-8143-0dc96c883782
high codex YieldLimitExec hooks encode/decode mismatch can revert inbound mints and corrupt accounting 0xde1617ddb7c8a250a409d986930001985cfad76f $1,043,732.69 no 3 months ago 8334cc4c-d376-4cae-a657-bd2812b2b250
high codex Delegatecall to external ORDER_MANAGER_SINGLETON enables full vault takeover if that address is upgradeable/compromised 0x1d9d0956621bf85d1d4cafc92d76a0448a5e6b9b $0.00 no 3 months ago d6e884b9-0d8a-4410-802c-0d7b21b36433
high codex Initializer can be front‑run on uninitialized deployments 0x100dcb8b78c608d148cb207ac3875935dfe6abdc $0.00 no 3 months ago 63826368-2868-4338-bf44-3f1ac9518ef4
high codex Fee-on-transfer/deflationary tokens can inflate internal balances and drain other assets 0x6f400810b62df8e13fded51be75ff5393eaa841f $856,965.32 no 3 months ago d999d22b-2dac-4c56-a9ac-4ade13e4db17
high codex Reentrancy via transfer-out before state updates in borrow/withdraw 0x3fda67f7583380e67ef93072294a7fac882fd7e7 $1,322,493.75 no 3 months ago bcdfa77d-89f0-4bd4-94b1-88110b7b2e0f
high codex Unprotected reinitializer enables proxy takeover if initialization is not atomic 0x1a5d115a87e39fd8d8c9e53b91dbe5e0ec309dd2 $0.00 no 3 months ago 53258cf0-dc0d-412d-8abb-9515ee4dd8a9
high codex MintableToken allows unrestricted mint/burn, enabling collateral drain if used as the app-chain token 0x6d303cee7959f814042d31e0624fb88ec6fbcc1d $1,306,925.21 no 3 months ago f575c00d-7d47-4453-9d78-7ca636dc5e53
high codex ERC777 liquidation payments credit liquidator balance, enabling free collateral extraction 0x8a134e651432a902041643668940c9a9cd270633 $0.00 no 3 months ago 6625d03d-07b7-460c-b8f4-4fc0c7f1ad3b
high codex Public initializer can be front-run to seize ownership 0x631953e16e8a57fc159e1fb1d92443c981b00770 $0.00 no 3 months ago ebf4d2a3-9c75-49d6-8715-64af033d3f68
high codex Keeper can mint unbacked tokens and redeem underlying assets 0x6eaf19b2fc24552925db245f9ff613157a7dbb4c $1,881,444.93 no 3 months ago 8e0fa5ae-1f20-4051-b147-c113e2c80b1a
high codex Trade collateralization checks use stale balances (currentBalances never updated) 0xe883b3efdae637fc599b467478a23199778f2ccf $0.00 no 3 months ago df27c299-2f4f-495f-8947-7cb81561ac74
high codex Whitelisted caller can selfdestruct the contract 0x00000000003b3cc22af3ae1eac0440bcee416b40 $458,039.59 no 3 months ago a831cc82-3332-44dc-a8fb-dcf51c8ffe78
high codex Privileged selfdestruct sends balance to caller 0x01fdc48ba0903bb1ae7c517c9287d88ea236f8e1 $2,772,067.04 no 3 months ago ee30879d-f4f6-499a-b2bf-d4745076b528
high codex Whitelisted delegatecall enables arbitrary code execution 0x01fdc48ba0903bb1ae7c517c9287d88ea236f8e1 $2,772,067.04 no 3 months ago ee30879d-f4f6-499a-b2bf-d4745076b528
high codex Silo initializer is publicly callable, enabling first-caller takeover 0xef1bc66e0ea9717a3f2c969633a989d6bf41024b $0.00 no 3 months ago 5fac7a82-c226-4c04-b342-64f4f4f1792b
high codex Unprotected reinitializer allows ownership takeover after upgrade 0x2ccd5486ea1b2a52dcd387c01314f6a328f66cbb $0.00 no 3 months ago 800d1a06-36c1-4158-8fb9-5c70f2e6e4cd
high codex HighWaterMark initialized with underlying decimals triggers performance fees immediately for <18-decimal assets 0xe50554ec802375c9c3f9c087a8a7bb8c26d3dedf $0.00 no 3 months ago 42f21ca1-82d3-426a-a45a-788b3a4f9d5b
high codex Uninitialized lastFeeTime causes excessive management fees and can brick first settlement 0xe50554ec802375c9c3f9c087a8a7bb8c26d3dedf $0.00 no 3 months ago 42f21ca1-82d3-426a-a45a-788b3a4f9d5b
high codex Hardcoded privileged borrow bypasses Comptroller risk checks 0x2ac63723a576f89b628d514ff671300801dc1702 $0.00 no 3 months ago a66a7849-282c-405c-94d3-afe6d6d3f5a1
high codex Unprotected initialize allows hostile setup of critical bridge addresses 0xe80b4e0ed5e92d865f4708eee0e1564287a7d848 $0.00 no 3 months ago e9597aef-e9cc-49ba-9d81-2312231691b5
high codex LP share accounting ignores trader PnL and vault asset flows, enabling over-redemption 0xe3d41d19564922c9952f692c5dd0563030f5f2ef $21,609,903.28 no 3 months ago dc08fc38-6d54-4fb0-8a86-bb65f82abb39
high codex Unrestricted initialization of tap allows attacker-controlled liquidator 0x448a5065aebb8e423f0896e6c5d525c040f59af3 $20,792,403.90 no 3 months ago a07440d4-9742-4482-9bb0-05239d80eb1f
high codex `setup` is externally callable via proxy with no one-time initializer guard 0x99b5fa03a5ea4315725c43346e55a6a6fbd94098 $0.00 no 3 months ago 8a7c4282-fe4b-4a35-b94c-7694cbef39ea
high codex Unprotected one-time admin initialization can be front‑run 0x1681195c176239ac5e72d9aebacf5b2492e0c4ee $34,620,088.63 no 3 months ago 2d583407-2d3a-41a0-85ac-6f1a8195edd9
high codex Unprotected tap assignment allows attacker to seize liquidation/tax flows 0xbda109309f9fafa6dd6a9cb9f1df4085b27ee8ef $43,734,589.13 no 3 months ago f58f1e0d-d765-4f42-8774-1b1e4abc5a43
high codex Chainlink oracle responses are not validated for negative/stale data 0x6fcbbb527fb2954bed2b224a5bb7c23c5aeeb6e1 $266,056.63 no 3 months ago 019b426d-be82-7158-aec7-2fbd5b8cb931
high codex Gateway-controlled delegatecall enables arbitrary code execution in Agent context 0xd803472c47a87d7b63e888de53f03b4191b846a8 $7,165,862.10 no 3 months ago 019b422c-5600-71b9-95ab-04ba54ca9f3f