Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (Mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
high codex Unprotected initializer allows manager takeover if deployment is not atomic 0xb542d5cb34ef265fb87c170181127332f7797369 $0.00 no 3 months ago 57607431-8897-4c7e-aa5c-98624726087b
high codex Unprotected initializer allows takeover of uninitialized AToken proxy 0x30d06a9a992473a6a5d8b54f56bf457fa020794d $0.00 no 3 months ago 4b4a6e13-aa21-49a9-b499-317b5b9e8f6e
high codex Public initializers enable proxy takeover if not called atomically 0x281aa2e0684439ed9fee12eff0d8ff346b755a39 $0.00 no 3 months ago 845cb09f-5c1f-4394-8c8b-28bd2c6cb69a
high codex Unprotected initializer enables ownership takeover on uninitialized deployments 0xd928d07d9c2629ecd3f3b81685b27bd50383f028 $0.00 no 3 months ago 28c692cb-34be-4594-99b9-e4f1085a916a
high codex Withdrawals ignore locked collateral, enabling pool insolvency 0xb9ed94c6d594b2517c4296e24a8c517ff133fb6d $249,700.33 no 3 months ago 4512afe7-5f93-4201-92ac-099a73dc43a6
high codex Initializer can be called by anyone before owners are set 0x95ca2f7959f8848795dfb0868c1b0c59dd4e9330 $0.00 no 3 months ago e566fdea-a7ec-4850-8cb6-a61d047e3f9d
high codex Unrestricted initializer allows proxy takeover if not initialized atomically 0x30d06a9a992473a6a5d8b54f56bf457fa020794d $0.00 no 3 months ago 0589f940-a7f8-42a6-985f-77e5f0b4e9ab
high codex Delegatecall into adapter grants full vault control if adapter is compromised or upgradeable 0x7a477d6570386e2b9d0f14d03bd976b0c68b94b9 $0.00 no 3 months ago 0bcec04f-71c6-45e6-b451-df0c2c08db21
high codex Upgradeable proxy can be taken over if not initialized atomically 0x0e6590f64a82cbc838b2a087281689de1a5bc8e0 $0.00 no 3 months ago 0f2dae3b-fa8e-4cc8-9793-fb705919c460
high codex Initializer chaining uses `initializer` on parent functions, causing init revert and enabling role takeover/DoS 0xc616eaf17c5e3349c1fa493459494bb4dd0fd788 $0.00 no 3 months ago 2deaa8fd-acba-426c-b3ce-676760114af5
high codex Initializer callable by anyone can set owner if not initialized 0x5018cc0d628fb322b2a040cfcd269a36c60b1538 $0.00 no 3 months ago f0cc17b9-48e1-4232-bd71-d421f424b320
high codex Unprotected initialization enables auction takeover if not initialized atomically 0x364b7e2d5b11b9d2016d232fa271d89d5e6065f1 $0.00 no 3 months ago d49d2b94-52b3-40cd-ba7d-b3d971c536fe
high codex Unprotected initialize allows ownership takeover 0x0bc8c8212c0c74773671c4badb18999c2b07f3c6 $0.00 no 3 months ago 4bfc085c-4949-4583-ba5f-ccaa37b0cce6
high codex Signed execution appears replayable (no nonce/used-hash storage) 0x3ef1c8133d80665ec873ac41e152dda3251a7606 $389,012.80 no 3 months ago c73bdf6c-5147-4fd5-ad47-f180be523585
high codex Keeper-controlled currentBalance can arbitrarily skew pricePerShare and queued withdrawals 0xf3b466f09ef476e311ce275407cfb09a8d8de3a7 $390,642.76 no 3 months ago bb4cd4e4-bb89-4d72-9bad-ab081d2ed309
high codex Escrow initialization is externally callable without access control 0x8abf5358a88ca2586635d646aaaff172572fb0ed $0.00 no 3 months ago f5e42a86-2af2-44b4-88c7-d11e26872a6a
high codex Reentrancy in _repay can overwrite debt shares and create unbacked debt 0xa2754543f69dc036764bbfad16d2a74f5cd15667 $331,700.32 no 3 months ago 4e0da3db-4110-44e1-8969-17c73f235b0a
high codex Initializer and upgrade authorization depend on the ERC1967 admin slot, which is unset/unreachable in typical UUPS deployments 0xa4e6762eaaf259da74696f46faaf79ba9dde14e6 $0.00 no 3 months ago 4569b6c8-4f2a-475a-a123-61c4c377a66f
high codex Re-initializable setup can grant operator/flow-limiter roles to an attacker 0x8832f0381707bb29756edecf42580800207f2a9e $0.00 no 3 months ago 86d4515f-6381-4ede-ac6f-89c32fe84757
high codex Public initializer can be front-run to hijack gateway configuration 0xb4299a1f5f26ff6a98b7ba35572290c359fde900 $0.00 no 3 months ago ce4d273e-c903-4f23-ab6a-43ad55bdeb64
high codex onlyL2Bridge fails open when messenger wrapper is unset or non-contract 0x3666f603cc164936c1b87e207f36beba4ac5f18a $538,298.12 no 3 months ago d486ca60-71f4-4936-9bef-5d94fbca5fdd
high codex Initializer callable after constructor enables ownership takeover on non-atomic deployments 0x8cfec459f62055ed3104a577c6613522c10b55c4 $0.00 no 3 months ago b204c673-73d8-4a76-b490-0df979244afc
high codex Withdraw/redeem always revert due to double nonReentrant in yTHOR overrides 0x8793cd69895c45b2d2474236b3cb28fc5c764775 $263,485.84 no 3 months ago 478c0b93-42fb-420f-976c-10c0f10515a8
high codex Unrestricted dispatcher initialize allows arbitrary sub-contract replacement and delegatecall execution 0x8c43c9bec15d82d153c52518030e0a9590abd35d $0.00 no 3 months ago 42220919-1f55-4be2-b0c0-1ee5ef2f8a32
high codex Nested initializer misuse bricks BToken initialization 0xd388b2a8e82df6a6c13a18ea7541df9449880954 $0.00 no 3 months ago df0b54ea-d387-4c94-beee-4819d345c6a5
high codex Privileged arbitrary delegatecall (owner backdoor) 0xe2b8eb988735f7709d08b7d07b41460073904830 $0.00 no 3 months ago 4e22cd5b-4962-4023-b255-f35d5e861e60
high codex Zero-in flashRebalance bypasses strategy validation and allows asset extraction 0xf90bb2baa90b457a35c37c5a96de2720ce367281 $0.00 no 3 months ago a6e01852-b60b-4be8-b0b9-857d2bbf0c58
high codex Nested initializer modifiers brick initialization 0x1ef756da62278f3d43b0994f6e9e276f47a363e8 $0.00 no 3 months ago 14d2a919-005d-46a6-a7b3-489433ee41c1
high codex Public initializer allows post-deployment ownership takeover 0x905d9368cf8a337c420bfb87705d2cdbb4e1c26a $0.00 no 3 months ago 9f165857-e441-49d5-955a-03f4c7445c6c
high codex Packet hashing uses abi.encodePacked with dynamic strings (collision-prone) 0xbdae358dc3b0389a5532d011a8b4098ffda11836 $0.00 no 3 months ago 2b03ce69-6667-4e80-a75c-83ddd1a33fc2
high codex Unprotected one-time admin initialization enables takeover 0x04b28ccf37828978140643525961d20099e63668 $637,572.19 no 3 months ago 6d8fe14b-7be1-4516-b786-7ecb14b9cdbb
high codex Reentrancy during module removal can permanently lock the SetToken 0x07834b06b5756056e065c0bd1639761ab8297513 $1,058,531.93 no 3 months ago 21882865-9b4a-4420-b853-fc947442c2be
high codex Public upgrade initializer allows anyone to set management fee after v1→v2 upgrade 0xc0026e559da7f2d4ee573616c09a8f721fa599bd $0.00 no 3 months ago 08e6a475-e8b8-4f68-8143-0dc96c883782
high codex YieldLimitExec hooks encode/decode mismatch can revert inbound mints and corrupt accounting 0xde1617ddb7c8a250a409d986930001985cfad76f $1,043,732.69 no 3 months ago 8334cc4c-d376-4cae-a657-bd2812b2b250
high codex Delegatecall to external ORDER_MANAGER_SINGLETON enables full vault takeover if that address is upgradeable/compromised 0x1d9d0956621bf85d1d4cafc92d76a0448a5e6b9b $0.00 no 3 months ago d6e884b9-0d8a-4410-802c-0d7b21b36433
high codex Initializer can be front‑run on uninitialized deployments 0x100dcb8b78c608d148cb207ac3875935dfe6abdc $0.00 no 3 months ago 63826368-2868-4338-bf44-3f1ac9518ef4
high codex Fee-on-transfer/deflationary tokens can inflate internal balances and drain other assets 0x6f400810b62df8e13fded51be75ff5393eaa841f $856,965.32 no 3 months ago d999d22b-2dac-4c56-a9ac-4ade13e4db17
high codex Reentrancy via transfer-out before state updates in borrow/withdraw 0x3fda67f7583380e67ef93072294a7fac882fd7e7 $1,322,493.75 no 3 months ago bcdfa77d-89f0-4bd4-94b1-88110b7b2e0f
high codex Unprotected reinitializer enables proxy takeover if initialization is not atomic 0x1a5d115a87e39fd8d8c9e53b91dbe5e0ec309dd2 $0.00 no 3 months ago 53258cf0-dc0d-412d-8abb-9515ee4dd8a9
high codex MintableToken allows unrestricted mint/burn, enabling collateral drain if used as the app-chain token 0x6d303cee7959f814042d31e0624fb88ec6fbcc1d $1,306,925.21 no 3 months ago f575c00d-7d47-4453-9d78-7ca636dc5e53
high codex ERC777 liquidation payments credit liquidator balance, enabling free collateral extraction 0x8a134e651432a902041643668940c9a9cd270633 $0.00 no 3 months ago 6625d03d-07b7-460c-b8f4-4fc0c7f1ad3b
high codex Public initializer can be front-run to seize ownership 0x631953e16e8a57fc159e1fb1d92443c981b00770 $0.00 no 3 months ago ebf4d2a3-9c75-49d6-8715-64af033d3f68
high codex Keeper can mint unbacked tokens and redeem underlying assets 0x6eaf19b2fc24552925db245f9ff613157a7dbb4c $1,881,444.93 no 3 months ago 8e0fa5ae-1f20-4051-b147-c113e2c80b1a
high codex Trade collateralization checks use stale balances (currentBalances never updated) 0xe883b3efdae637fc599b467478a23199778f2ccf $0.00 no 3 months ago df27c299-2f4f-495f-8947-7cb81561ac74
high codex Whitelisted caller can selfdestruct the contract 0x00000000003b3cc22af3ae1eac0440bcee416b40 $458,039.59 no 3 months ago a831cc82-3332-44dc-a8fb-dcf51c8ffe78
high codex Whitelisted delegatecall enables arbitrary code execution 0x01fdc48ba0903bb1ae7c517c9287d88ea236f8e1 $2,772,067.04 no 3 months ago ee30879d-f4f6-499a-b2bf-d4745076b528
high codex Privileged selfdestruct sends balance to caller 0x01fdc48ba0903bb1ae7c517c9287d88ea236f8e1 $2,772,067.04 no 3 months ago ee30879d-f4f6-499a-b2bf-d4745076b528
high codex Silo initializer is publicly callable, enabling first-caller takeover 0xef1bc66e0ea9717a3f2c969633a989d6bf41024b $0.00 no 3 months ago 5fac7a82-c226-4c04-b342-64f4f4f1792b
high codex Unprotected reinitializer allows ownership takeover after upgrade 0x2ccd5486ea1b2a52dcd387c01314f6a328f66cbb $0.00 no 3 months ago 800d1a06-36c1-4158-8fb9-5c70f2e6e4cd
high codex HighWaterMark initialized with underlying decimals triggers performance fees immediately for <18-decimal assets 0xe50554ec802375c9c3f9c087a8a7bb8c26d3dedf $0.00 no 3 months ago 42f21ca1-82d3-426a-a45a-788b3a4f9d5b