Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
high codex Unprotected initialize allows hostile takeover of escrow market 0xd01159af63c39ef4de125ac3baa940893e8009cd $43,400.00 no 2 months ago 019c0ea9-094d-71d5-afa7-e616ff0989ab
low codex ERC20 transfer return value ignored 0xd01159af63c39ef4de125ac3baa940893e8009cd $43,400.00 no 2 months ago 019c0ea9-094d-71d5-afa7-e616ff0989ab
medium codex External CALL with computed target/value and unchecked return 0x9ba6e731becc5c04878eef7d52c90a8cf07746ae $43,419.02 no 2 months ago 019c0ea9-0945-71ab-a38f-8eb14a6f4179
low codex Authorization guard compares msg.sender to constant 0xffff… (possible hardcoded admin/lockout) 0x9ba6e731becc5c04878eef7d52c90a8cf07746ae $43,419.02 no 2 months ago 019c0ea9-0945-71ab-a38f-8eb14a6f4179
high codex Pool can be permanently bricked after endBlock due to underflow in reward calculation 0x8ba5325a98147d67e5ee09bb0273194c68512612 $43,534.33 no 2 months ago 019c0ea9-0936-7262-bcf9-9ef5de23bf57
medium codex Reentrancy in deposit via untrusted pool tokens can double-claim rewards 0x8ba5325a98147d67e5ee09bb0273194c68512612 $43,534.33 no 2 months ago 019c0ea9-0936-7262-bcf9-9ef5de23bf57
low codex Fee-on-transfer/rebasing tokens break accounting and reward distribution 0x8ba5325a98147d67e5ee09bb0273194c68512612 $43,534.33 no 2 months ago 019c0ea9-0936-7262-bcf9-9ef5de23bf57
medium codex Authorization uses tx.origin (phishable auth bypass) 0xa57eda20be51ae07df3c8b92494c974a92cf8956 $43,551.19 no 2 months ago 019c0ea9-0927-724a-89b6-62611e7a5660
low codex External CALLs with computed target/value (potential untrusted call / reentrancy surface) 0xa57eda20be51ae07df3c8b92494c974a92cf8956 $43,551.19 no 2 months ago 019c0ea9-0927-724a-89b6-62611e7a5660
medium codex ERC20 mints are not charged in signature-based minting 0xaeec7611c3cb03957cc6c1036ce43d6894b52836 $43,555.00 no 2 months ago 019c0ea9-091f-7020-ac96-1c592f9af440
low codex Reentrancy/DoS risk in ETH withdrawal loop 0xaeec7611c3cb03957cc6c1036ce43d6894b52836 $43,555.00 no 2 months ago 019c0ea9-091f-7020-ac96-1c592f9af440
low codex ERC20 withdrawals use transferFrom and ignore return values 0xaeec7611c3cb03957cc6c1036ce43d6894b52836 $43,555.00 no 2 months ago 019c0ea9-091f-7020-ac96-1c592f9af440
high codex Oracle price used without freshness/validity checks enables share mispricing 0x3a43aec53490cb9fa922847385d82fe25d0e9de7 $43,555.55 no 2 months ago 019c0ea9-0919-70a6-b4c7-3e776897cc66
low codex Canceled redeems return shares to receiver, not the original owner 0x3a43aec53490cb9fa922847385d82fe25d0e9de7 $43,555.55 no 2 months ago 019c0ea9-0919-70a6-b4c7-3e776897cc66
low codex Privileged arbitrary external call can move ETH/tokens 0x32e297877fec71e93ff3bb40e1fb10f9f9c32800 $43,602.04 no 2 months ago 019c0ea9-090d-708e-8500-724695b54269
medium codex Potentially user-influenced external CALLs with ETH value 0xeba02cfc36c01acbe10f6bcb909b76749e54956a $43,634.18 no 2 months ago 019c0ea9-0907-7184-aaf7-3f9385a0e75c
low codex CALLCODE present in unreachable tail code (if reachable, executes in caller storage) 0xeba02cfc36c01acbe10f6bcb909b76749e54956a $43,634.18 no 2 months ago 019c0ea9-0907-7184-aaf7-3f9385a0e75c
medium codex Computed DELEGATECALL target may be attacker-controlled 0xa2d07d64d7cfc0fe1b58549ea36119e9e81a88f6 $43,703.23 no 2 months ago 019c0ea9-0900-7147-9322-e26ba5b89eeb
low codex External CALLs with ETH to computed targets require strict authorization 0xa2d07d64d7cfc0fe1b58549ea36119e9e81a88f6 $43,703.23 no 2 months ago 019c0ea9-0900-7147-9322-e26ba5b89eeb
low codex Delegated merkle mints mint to msg.sender instead of mintFor 0x26bbea7803dcac346d5f5f135b57cf2c752a02be $43,747.70 no 2 months ago 019c0ea9-08f1-726f-a59c-d9b65fc803ef
high codex Authorization relies on tx.origin 0xde527099f9ecf94a67bc94c676694453f6bda781 $43,810.73 no 2 months ago 019c0ea9-08e3-7163-96ac-fbbb435f09e3
low codex Nonzero ETH value transfer possible via CALL 0xde527099f9ecf94a67bc94c676694453f6bda781 $43,810.73 no 2 months ago 019c0ea9-08e3-7163-96ac-fbbb435f09e3
low codex CALL sites with computed targets/values (untrusted call surface uncertain) 0xde527099f9ecf94a67bc94c676694453f6bda781 $43,810.73 no 2 months ago 019c0ea9-08e3-7163-96ac-fbbb435f09e3
medium codex Authorization uses tx.origin (phishing-prone) 0xfdc77b9cb732eb8c896b152e28294521f5f62e67 $43,861.09 no 2 months ago 019c0ea9-08d3-73c7-9a5b-cdbf6695439c
medium codex CALLCODE with computed targets (delegatecall-like execution) 0xfdc77b9cb732eb8c896b152e28294521f5f62e67 $43,861.09 no 2 months ago 019c0ea9-08d3-73c7-9a5b-cdbf6695439c
low codex Many external CALLs use computed target/value (untrusted call surface) 0xfdc77b9cb732eb8c896b152e28294521f5f62e67 $43,861.09 no 2 months ago 019c0ea9-08d3-73c7-9a5b-cdbf6695439c
high codex Proposal hash omits assetId, enabling cross-asset replay within the same vault 0x99571e95db76b5cbc986ad1044ac73a0a7a09e28 $43,892.15 no 2 months ago 019c0ea9-08cc-7154-a38a-1d2d33f60a5c
low codex Observer bitmap truncation if constructor sets >128 observers allows unlimited voting by high-index observers 0x99571e95db76b5cbc986ad1044ac73a0a7a09e28 $43,892.15 no 2 months ago 019c0ea9-08cc-7154-a38a-1d2d33f60a5c
medium codex CALLCODE to computed target can execute arbitrary logic in caller storage 0xbc27b882b65e40205efcb9373b11b06caa7c0f81 $44,034.33 no 2 months ago 019c0ea9-08bd-7012-bb9e-216b37447f5f
medium codex External CALLs with computed targets/values and no return checks 0xbc27b882b65e40205efcb9373b11b06caa7c0f81 $44,034.33 no 2 months ago 019c0ea9-08bd-7012-bb9e-216b37447f5f
medium codex Anyone can create a distribution for any party using global unaccounted balances, enabling front‑running theft of deposits 0x1ca2007a81f8a7491bb6e11d8e357fd810896454 $44,058.05 no 2 months ago 019c0ea9-08b4-71da-b1cb-0a3294685f27
medium codex Potential authorization based on tx.origin 0x7c0672f0b74b89d4e8cf928ed42064cc1ae57d5b $44,190.48 no 2 months ago 019c0ea9-0888-70f2-b5cc-602ce8b6093e
medium codex Computed CALL target/value allows potential arbitrary call/ETH transfer (context unclear) 0x44664edd1785266e8c5c23492dc73836136866bc $44,202.38 no 2 months ago 019c0ea9-0881-7272-8ad3-993262b19dcd
medium codex Partner share accounting double-counts 10% of team fee, creating insolvency risk 0xd7378939089abd6656d3f523bf55edcd2213332c $44,209.24 no 2 months ago 019c0ea9-087a-7236-bc5e-74b0177b1ff2
low codex Team pot distribution uses integer division before multiplication, effectively zeroing most payouts 0xd7378939089abd6656d3f523bf55edcd2213332c $44,209.24 no 2 months ago 019c0ea9-087a-7236-bc5e-74b0177b1ff2
medium codex Unbounded external oracle/ERC4626 rates can be manipulated to skew pricing 0x1220868672d5b10f3e1cb9ab519e4d0b08545ea4 $44,216.16 no 2 months ago 019c0ea9-0873-7027-8bad-1578e90d309c
low codex permit accepts malleable ECDSA signatures (no low‑s enforcement) 0x1220868672d5b10f3e1cb9ab519e4d0b08545ea4 $44,216.16 no 2 months ago 019c0ea9-0873-7027-8bad-1578e90d309c
medium codex External CALLs with computed target/value may allow arbitrary call/value forwarding 0x9665368f54e19e94adbd0780326871ce9660f61d $44,223.88 no 2 months ago 019c0ea9-086b-7039-af33-ba1f33f7260e
low codex ERC20 transfer/transferFrom calls do not appear to validate return data 0x9665368f54e19e94adbd0780326871ce9660f61d $44,223.88 no 2 months ago 019c0ea9-086b-7039-af33-ba1f33f7260e
low codex CREATE2 result appears unchecked 0x9665368f54e19e94adbd0780326871ce9660f61d $44,223.88 no 2 months ago 019c0ea9-086b-7039-af33-ba1f33f7260e
critical codex Untrusted DELEGATECALL target reachable (not a proxy) 0x3e2d7bf7f7b883e0ef771821d0b421529c5e97ff $44,239.52 no 2 months ago 019c0ea9-0863-70d8-91df-737c5ebff191
medium codex ETH value CALLs to computed targets 0x3e2d7bf7f7b883e0ef771821d0b421529c5e97ff $44,239.52 no 2 months ago 019c0ea9-0863-70d8-91df-737c5ebff191
medium codex Anyone can end another user’s matured stake, cutting off their future rewards 0xbc0043bc5b0c394d9d05d49768f9548f8cf9587b $44,257.70 no 2 months ago 019c0ea9-085c-723d-86d7-deacd328451d
low codex Share/accounting assumes full token transfer; deflationary tokens can break invariants 0xbc0043bc5b0c394d9d05d49768f9548f8cf9587b $44,257.70 no 2 months ago 019c0ea9-085c-723d-86d7-deacd328451d
medium codex Authorization appears to rely on tx.origin 0x7553e4dd8c0fb7b2332316860279d476fc2fdff2 $44,384.10 no 2 months ago 019c0ea9-0846-7236-8cf2-88fd1bc70685
low codex External CALLs with value and computed target; return handling unknown 0x7553e4dd8c0fb7b2332316860279d476fc2fdff2 $44,384.10 no 2 months ago 019c0ea9-0846-7236-8cf2-88fd1bc70685
high codex Authorization relies on tx.origin 0xbf96042d61937b1686b81557c3a92806f1727ecf $44,386.81 no 2 months ago 019c0ea9-0840-7237-af59-7bfbb24d83fa
low codex Low-level CALLs with computed target/value; trust and reentrancy safety unclear 0xbf96042d61937b1686b81557c3a92806f1727ecf $44,386.81 no 2 months ago 019c0ea9-0840-7237-af59-7bfbb24d83fa
medium codex Unbounded loop in buy can permanently DoS purchases 0x6103281b7d1f7862d692fda42dc06ece61a40547 $44,488.66 no 2 months ago 019c0ea9-0829-7078-a220-b87a44a91042
low codex Price growth can overflow and wrap, breaking pricing invariants 0x6103281b7d1f7862d692fda42dc06ece61a40547 $44,488.66 no 2 months ago 019c0ea9-0829-7078-a220-b87a44a91042