Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
low codex Unchecked ERC20 transfer/transferFrom return values may mask failed asset movements 0x69b98667134eee3ebf75799dacbcd604e28709ab $0.00 no 2 months ago 019c0eab-8298-737d-bd4e-4f8fa55370b4
low codex EtherFi withdrawal accounting can be double-decremented if claims are repeatable 0x69b98667134eee3ebf75799dacbcd604e28709ab $0.00 no 2 months ago 019c0eab-8298-737d-bd4e-4f8fa55370b4
low codex Uninitialized proxy can be taken over via public initialize 0x0cfeac50835edfb3d5e9b08abd9011298e54eab1 $0.00 no 2 months ago 019c0eab-751d-710b-a0ed-2dd3476bcc5f
medium codex Redeem fulfillment allows asset/share mismatches and zero-share payouts 0xf59c19eb032ff3301b6695b58303470a79098771 $0.00 no 2 months ago 019c0eab-5d2a-7148-a859-77ddcfaad2fb
medium codex Oracle price trusted without freshness/sanity checks for share/asset accounting 0xf59c19eb032ff3301b6695b58303470a79098771 $0.00 no 2 months ago 019c0eab-5d2a-7148-a859-77ddcfaad2fb
medium codex Untrusted external CALLs with potential ETH value transfer and no detected guard 0x9c3a4329ff26934b04312162f83c8f69d52aa060 $0.00 no 2 months ago 019c0eab-4fce-73b8-bbdb-0d0d0ffdf301
high codex Computed DELEGATECALL targets reachable (potential arbitrary code execution in caller context) 0xd3f582f6b4814e989ee8e96bc3175320b5a540ab $0.00 no 2 months ago 019c0eab-41f8-709b-a0d5-a4b9b6478fe1
medium codex Untrusted external CALLs with ETH value possible 0xd3f582f6b4814e989ee8e96bc3175320b5a540ab $0.00 no 2 months ago 019c0eab-41f8-709b-a0d5-a4b9b6478fe1
medium codex External CALLs with value and computed targets lack an explicit reentrancy guard 0xfdeaf7d9ab542c6ad617666015e512fa1633b8a0 $44,492.00 no 2 months ago 019c0ea9-0820-7077-8c15-dac863742bd6
medium codex External CALL with ETH value to computed target (reentrancy/untrusted-call risk) 0xeda4c4067bdd708bb75ac620e1e2215a747a1f39 $0.00 no 2 months ago 019c0eaa-46e2-714b-a04f-a45cdb834d69
medium codex Signatures lack contract-domain separation, enabling replay across bridge instances 0x438285fbccba55ce8cdef276030e6b35a0b65b6b $0.00 no 2 months ago 019c0eaa-1573-73c9-bdcd-698f810a9fbd
low codex addApprovers allows zero address, letting invalid signatures count as approvals 0x438285fbccba55ce8cdef276030e6b35a0b65b6b $0.00 no 2 months ago 019c0eaa-1573-73c9-bdcd-698f810a9fbd
medium codex Low-level CALL with computed target/value (potential untrusted external call with ETH) 0x36d7b81fa45e6453d9a3f9be0829817c8a5f5d1b $0.00 no 2 months ago 019c0ea9-f67b-73b7-80e6-a5d6cba42ff4
low codex Proxy implementation metadata conflict (EIP-1967) 0x36d7b81fa45e6453d9a3f9be0829817c8a5f5d1b $0.00 no 2 months ago 019c0ea9-f67b-73b7-80e6-a5d6cba42ff4
medium codex Proxy can be seized if initialize is not called during deployment 0x46c64c1630f320b890d765e7c6f901574924b0c7 $0.00 no 2 months ago 019c0ea9-f016-739a-ad4f-c89570e9c08b
medium codex Asset limit can be bypassed via mint() 0x46c64c1630f320b890d765e7c6f901574924b0c7 $0.00 no 2 months ago 019c0ea9-f016-739a-ad4f-c89570e9c08b
medium codex Initializer can be front-run if deployment is not atomically initialized 0x43ffaa65fe273d2ef9edd78418091d41b1aa40e8 $0.00 no 2 months ago 019c0ea9-e9be-73c6-a611-a0ba6ee4b415
low codex Nonce is marked used after external call, enabling reentrancy-based griefing 0x43ffaa65fe273d2ef9edd78418091d41b1aa40e8 $0.00 no 2 months ago 019c0ea9-e9be-73c6-a611-a0ba6ee4b415
high codex Relayer refund can be reentered to withdraw multiple times 0x965983977c29158ec53a296a6f47be145ddecc36 $0.00 no 2 months ago 019c0ea9-e35a-710a-b93e-e2ba664180fb
medium codex Author confirmations and lower proofs lack domain separation (replayable signatures) 0x965983977c29158ec53a296a6f47be145ddecc36 $0.00 no 2 months ago 019c0ea9-e35a-710a-b93e-e2ba664180fb
low codex Unchecked ERC20 transfer return values 0x965983977c29158ec53a296a6f47be145ddecc36 $0.00 no 2 months ago 019c0ea9-e35a-710a-b93e-e2ba664180fb
low codex Pause bypass for relayer operations 0x965983977c29158ec53a296a6f47be145ddecc36 $0.00 no 2 months ago 019c0ea9-e35a-710a-b93e-e2ba664180fb
low codex Chainlink price used without sanity or staleness checks 0x965983977c29158ec53a296a6f47be145ddecc36 $0.00 no 2 months ago 019c0ea9-e35a-710a-b93e-e2ba664180fb
high codex Initializer callable by anyone enables hostile bridge configuration 0x3203e813930bd710043c1d899fe38dd359307352 $0.00 no 2 months ago 019c0ea9-c986-7300-a119-1cc3848d4c55
critical codex Untrusted DELEGATECALL target reachable (arbitrary code execution risk) 0x97edcc0f6bb77191b4bf69a930e6d2383397433a $0.00 no 2 months ago 019c0ea9-9972-71e4-a291-55d964b938b2
medium codex External CALL with computed target/value (ETH transfer possible) 0x97edcc0f6bb77191b4bf69a930e6d2383397433a $0.00 no 2 months ago 019c0ea9-9972-71e4-a291-55d964b938b2
low codex Minimum-shares invariant can lock the last withdrawal for a token 0x28def88a5225fd50cdd081306be18fa7368e59f9 $0.00 no 2 months ago 019c0ea9-71ec-7140-b362-268cfeffbc7f
medium codex SELFDESTRUCT opcode present and marked reachable 0x7e0ae8e65fc3c322c9f2bedf630ce8ef799e292e $0.00 no 2 months ago 019c0ea9-2c1f-712c-a452-775a4bc4cf33
medium codex Low-level CALL with ETH value to computed target 0x7e0ae8e65fc3c322c9f2bedf630ce8ef799e292e $0.00 no 2 months ago 019c0ea9-2c1f-712c-a452-775a4bc4cf33
medium codex Computed DELEGATECALL target reachable (possible arbitrary code execution if unguarded) 0x7e0ae8e65fc3c322c9f2bedf630ce8ef799e292e $0.00 no 2 months ago 019c0ea9-2c1f-712c-a452-775a4bc4cf33
high codex Authorization uses tx.origin 0x9dc55070584ca0a58cdfe98eeb32b9a48dc9885c $42,772.61 no 2 months ago 019c0ea9-09c2-7372-be3e-5cedc6bce266
low codex External CALLs with computed target/value (potentially user-controlled) 0x9dc55070584ca0a58cdfe98eeb32b9a48dc9885c $42,772.61 no 2 months ago 019c0ea9-09c2-7372-be3e-5cedc6bce266
high codex Predictable/manipulable randomness for winner and jackpot selection 0x51e9244bae3fca7473fe48651dfd7db53aa55856 $42,830.95 no 2 months ago 019c0ea9-09bb-708b-a5eb-c7330d8c9ab3
medium codex Service can call lottery before round end and without winKey set 0x51e9244bae3fca7473fe48651dfd7db53aa55856 $42,830.95 no 2 months ago 019c0ea9-09bb-708b-a5eb-c7330d8c9ab3
low codex Initializer is externally callable; uninitialized proxy can be taken over 0xb71125df00a98a671f82c7b2e70e646ea2fa5894 $42,913.53 no 2 months ago 019c0ea9-09b4-70d2-b921-de227abe0b6b
medium codex Unchecked ERC20 transfer/transferFrom return values can desync accounting 0x264c13cfed981e3137fb43b198d14d8d5d64977e $42,983.22 no 2 months ago 019c0ea9-09a9-73f4-811c-8ba88e5365e8
medium codex Refunding current bidder via transfer can permanently block new bids or buys 0x41a322b28d0ff354040e2cbc676f0320d8c8850d $43,020.73 no 2 months ago 019c0ea9-09a2-715c-9fce-2dd33d658215
medium codex Payout transfers can revert and block all sales for a token (or globally if maintainer is a contract) 0x41a322b28d0ff354040e2cbc676f0320d8c8850d $43,020.73 no 2 months ago 019c0ea9-09a2-715c-9fce-2dd33d658215
low codex Owner can set fee percentages to values that make payouts revert 0x41a322b28d0ff354040e2cbc676f0320d8c8850d $43,020.73 no 2 months ago 019c0ea9-09a2-715c-9fce-2dd33d658215
high codex Initializer is publicly callable, enabling admin takeover if proxy is left uninitialized 0xfcf8eda095e37a41e002e266daad7efc1579bc0a $43,190.99 no 2 months ago 019c0ea9-0991-73a8-9d8e-2bfc551e719c
medium codex Rounding in external↔internal unit conversion allows transfers exceeding displayed balance and misleading Transfer events 0xfcf8eda095e37a41e002e266daad7efc1579bc0a $43,190.99 no 2 months ago 019c0ea9-0991-73a8-9d8e-2bfc551e719c
medium codex Computed CALL targets/values could enable arbitrary external calls/ETH forwarding (if user-controlled) 0x2c79e1a51e25fffff54c3becadbf1554841a8fc8 $43,226.89 no 2 months ago 019c0ea9-0984-7238-bcd4-f122b4ccad2e
low codex External calls can occur before storage updates along CFG path 0x2c79e1a51e25fffff54c3becadbf1554841a8fc8 $43,226.89 no 2 months ago 019c0ea9-0984-7238-bcd4-f122b4ccad2e
high codex Orders are unauthenticated, allowing relays to execute arbitrary trades or penalties against any trader 0xfca6a62a11cd75ef6506c4973a67c5b2a3d8915f $43,264.41 no 2 months ago 019c0ea9-0976-7128-8854-e104b5d873b5
low codex Unchecked ERC20 return values can silently fail transfers and strand/refund tokens in Uniswapper 0xfca6a62a11cd75ef6506c4973a67c5b2a3d8915f $43,264.41 no 2 months ago 019c0ea9-0976-7128-8854-e104b5d873b5
medium codex Mint signatures are not bound to a trusted signer (anyone can self‑authorize) 0xdaca87395f3b1bbc46f3fa187e996e03a5dcc985 $43,294.45 no 2 months ago 019c0ea9-0968-7020-87be-641769d60ed2
low codex Signatures are replayable across contracts/chains (no domain separation or nonce) 0xdaca87395f3b1bbc46f3fa187e996e03a5dcc985 $43,294.45 no 2 months ago 019c0ea9-0968-7020-87be-641769d60ed2
medium codex Deposits mint based on requested amount, not actual underlying received 0xea928a8d09e11c66e074fbf2f6804e19821f438d $43,295.97 no 2 months ago 019c0ea9-0961-705e-9c6a-af33c99adc92
low codex Zero/self address check is ineffective due to `||`, allowing unintended transfers 0xea928a8d09e11c66e074fbf2f6804e19821f438d $43,295.97 no 2 months ago 019c0ea9-0961-705e-9c6a-af33c99adc92
high codex Multi-bridge transfers do not enforce payload consistency across adapters 0xb0614316d1f45a5da4b09b198cb6cd8fb44bb47b $43,396.86 no 2 months ago 019c0ea9-0954-73b5-b34f-d86eee9f9728