Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (Mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
high codex Version-dependent storage slots can brick the proxy and strand assets on upgrade 0xc95b806ac073df930014ac476d26c8ad918f14e0 $41,195.58 no 2 weeks ago 019d5666-721c-732b-98f2-8fef0dd24f32
medium codex `createLimitOrder` does not constrain CoWSwap `feeAmount`, so CALLER_ROLE can spend more than `params.amountIn` 0xc95b806ac073df930014ac476d26c8ad918f14e0 $41,195.58 no 2 weeks ago 019d5666-721c-732b-98f2-8fef0dd24f32
high detector ETH value transfer possible 0x00000000d681e85e5783588f87a9573cb97eda01 $0.00 no no 2 weeks ago 019d5666-f542-7208-84bc-d2e3db83e367
high detector Untrusted CALL target/value reachable 0x00000000d681e85e5783588f87a9573cb97eda01 $0.00 no no 2 weeks ago 019d5666-f542-7208-84bc-d2e3db83e367
medium detector CREATE/CREATE2 reachable 0x00000000d681e85e5783588f87a9573cb97eda01 $0.00 no no 2 weeks ago 019d5666-f542-7208-84bc-d2e3db83e367
low cast Contract creation opcode present 0x00000000d681e85e5783588f87a9573cb97eda01 $0.00 no 2 weeks ago 019d5666-f542-7208-84bc-d2e3db83e367
info cast Heavy CALL-family usage 0x00000000d681e85e5783588f87a9573cb97eda01 $0.00 no 2 weeks ago 019d5666-f542-7208-84bc-d2e3db83e367
info cast Heavy EXTCODE*/BALANCE usage 0x00000000d681e85e5783588f87a9573cb97eda01 $0.00 no 2 weeks ago 019d5666-f542-7208-84bc-d2e3db83e367
medium slither KeepToken._recoverSig(bytes32,address,uint8,bytes32,bytes32).isValid (contracts/Contract.sol#155) is written in both 0xccb57afedecc8d975ca4ae06f850a175142499de $41,269.00 no 2 weeks ago 019d5666-7216-7238-b7b1-e53620c8a60e
high codex Public initializer allows takeover of any uninitialized clone/proxy 0xccb57afedecc8d975ca4ae06f850a175142499de $41,269.00 no 2 weeks ago 019d5666-7216-7238-b7b1-e53620c8a60e
high codex Mint permission can self-issue admin keys and seize full control 0xccb57afedecc8d975ca4ae06f850a175142499de $41,269.00 no 2 weeks ago 019d5666-7216-7238-b7b1-e53620c8a60e
high codex Fee-on-transfer ERC20s can overmint bridge balances and drain pooled collateral 0x588801ca36558310d91234afc2511502282b1621 $41,272.95 no 2 weeks ago 019d5666-7210-72a7-9067-e58ac94c06d2
high detector ETH value transfer possible 0x29353f77c6b0d3772d73e708cc8e1fca08c80c11 $0.00 no no 2 weeks ago 019d5666-e916-7246-acfd-c2f7d6ef4d74
high detector Untrusted CALL target/value reachable 0x29353f77c6b0d3772d73e708cc8e1fca08c80c11 $0.00 no no 2 weeks ago 019d5666-e916-7246-acfd-c2f7d6ef4d74
info cast Heavy EXTCODE*/BALANCE usage 0x29353f77c6b0d3772d73e708cc8e1fca08c80c11 $0.00 no 2 weeks ago 019d5666-e916-7246-acfd-c2f7d6ef4d74
medium codex Irreversible state transitions can strand credited balances while backing ETH is still sweepable 0x6ee4bc4cbc09346e718fad1933f9ca32543ddc93 $41,278.86 no 2 weeks ago 019d5666-720b-73fb-be2d-e65507781793
low codex ETH payouts use a hardcoded 2300-gas CALL, which can brick payouts to contract recipients 0x6ee4bc4cbc09346e718fad1933f9ca32543ddc93 $41,278.86 no 2 weeks ago 019d5666-720b-73fb-be2d-e65507781793
high codex Nominal ERC20 accounting makes fee-on-transfer collateral tokens insolvent 0x849f4081899305a1fd24aac84db5174eb60dc28e $41,313.94 no 2 weeks ago 019d5666-7204-7199-9428-87c933f7acea
high codex `fillOffer` can be reentered before `filledAmount` is updated, allowing overfilled orders 0x849f4081899305a1fd24aac84db5174eb60dc28e $41,313.94 no 2 weeks ago 019d5666-7204-7199-9428-87c933f7acea
medium codex Owner can confiscate live escrow by de-whitelisting a token before `withdrawStuckToken` 0x849f4081899305a1fd24aac84db5174eb60dc28e $41,313.94 no 2 weeks ago 019d5666-7204-7199-9428-87c933f7acea
high detector ETH value transfer possible 0x6ac64c4760e0590f88233b2046810e87e0354324 $0.00 no no 2 weeks ago 019d5666-ddb2-7138-a85b-4026ca2b3eec
high detector Untrusted CALL target/value reachable 0x6ac64c4760e0590f88233b2046810e87e0354324 $0.00 no no 2 weeks ago 019d5666-ddb2-7138-a85b-4026ca2b3eec
info cast Heavy CALL-family usage 0x6ac64c4760e0590f88233b2046810e87e0354324 $0.00 no 2 weeks ago 019d5666-ddb2-7138-a85b-4026ca2b3eec
high codex Anyone can call post-dispatch hooks directly for the current latest message 0x15b5d6b614242b118aa404528a7f3e2ad241e4a4 $41,345.31 no 2 weeks ago 019d5666-71ff-7060-88f6-c0d2b403a889
high codex Permissionless initializers let the first caller seize control and mint supply 0x15b5d6b614242b118aa404528a7f3e2ad241e4a4 $41,345.31 no 2 weeks ago 019d5666-71ff-7060-88f6-c0d2b403a889
low codex DestinationRecipientRoutingHook quotes the wrong hook for recipient-specific routes 0x15b5d6b614242b118aa404528a7f3e2ad241e4a4 $41,345.31 no 2 weeks ago 019d5666-71ff-7060-88f6-c0d2b403a889
low codex Deposits revert when no shares exist 0x50c2954613e70294088c7001d6f4a641f155b369 $41,351.32 no 2 weeks ago 019d5666-71fa-715c-bc73-4d8f84d559bb
low codex Reverting shareholder contracts can block share updates 0x50c2954613e70294088c7001d6f4a641f155b369 $41,351.32 no 2 weeks ago 019d5666-71fa-715c-bc73-4d8f84d559bb
medium slither Reentrancy in UniswapV3Pool.swap(address,bool,int256,uint160,bytes) (contracts/UniswapV3Pool.sol#596-788): 0xb9c4a5522a2f8ba9e2ff7063df8c02ed443337a3 $41,361.45 no 2 weeks ago 019d5666-71f3-700a-a9ae-63d8781f905f
medium slither Reentrancy in UniswapV3Pool.collectProtocol(address,uint128,uint128) (contracts/UniswapV3Pool.sol#848-868): 0xb9c4a5522a2f8ba9e2ff7063df8c02ed443337a3 $41,361.45 no 2 weeks ago 019d5666-71f3-700a-a9ae-63d8781f905f
medium slither Reentrancy in UniswapV3Pool.swap(address,bool,int256,uint160,bytes) (contracts/UniswapV3Pool.sol#596-788): 0x33b8213de159884531957097f1722a12436014cc $41,382.11 no 2 weeks ago 019d5666-71ed-7022-8ff1-cc1a642c7804
medium slither Reentrancy in UniswapV3Pool.collectProtocol(address,uint128,uint128) (contracts/UniswapV3Pool.sol#848-868): 0x33b8213de159884531957097f1722a12436014cc $41,382.11 no 2 weeks ago 019d5666-71ed-7022-8ff1-cc1a642c7804
medium slither Reentrancy in UniswapV3Pool.swap(address,bool,int256,uint160,bytes) (contracts/UniswapV3Pool.sol#596-788): 0xda99f4f2fe926b90f07f5f4eb0ce773f7173c6a0 $41,391.58 no 2 weeks ago 019d5666-71e7-73ce-89eb-62e7b289a74d
medium slither Reentrancy in UniswapV3Pool.collectProtocol(address,uint128,uint128) (contracts/UniswapV3Pool.sol#848-868): 0xda99f4f2fe926b90f07f5f4eb0ce773f7173c6a0 $41,391.58 no 2 weeks ago 019d5666-71e7-73ce-89eb-62e7b289a74d
critical codex `claimRewardsBySig` trusts attacker-chosen reward amounts and can drain pooled rewards 0x22a591793a9dd506bb3009522dec919120dc3087 $41,484.99 no 2 weeks ago 019d5666-71df-70bc-b254-bdcd67639ea9
critical codex Keeper-supplied `pricePerShare` can be ratcheted away from NAV to steal value from other LPs 0x22a591793a9dd506bb3009522dec919120dc3087 $41,484.99 no 2 weeks ago 019d5666-71df-70bc-b254-bdcd67639ea9
high detector Untrusted DELEGATECALL target reachable 0x04393e5c6701237d7ee836d644f8dbdd122afebc $0.00 no no 2 weeks ago 019d5666-b2b6-72b3-991d-f09cf3f2b2ec
high detector Authorization based on tx.origin 0x04393e5c6701237d7ee836d644f8dbdd122afebc $0.00 no 2 weeks ago 019d5666-b2b6-72b3-991d-f09cf3f2b2ec
medium detector Untrusted CALL target/value reachable 0x04393e5c6701237d7ee836d644f8dbdd122afebc $0.00 no no 2 weeks ago 019d5666-b2b6-72b3-991d-f09cf3f2b2ec
medium detector ETH value transfer possible 0x04393e5c6701237d7ee836d644f8dbdd122afebc $0.00 no no 2 weeks ago 019d5666-b2b6-72b3-991d-f09cf3f2b2ec
medium cast DELEGATECALL present 0x04393e5c6701237d7ee836d644f8dbdd122afebc $0.00 no 2 weeks ago 019d5666-b2b6-72b3-991d-f09cf3f2b2ec
info cast Heavy CALL-family usage 0x04393e5c6701237d7ee836d644f8dbdd122afebc $0.00 no 2 weeks ago 019d5666-b2b6-72b3-991d-f09cf3f2b2ec
info cast Heavy EXTCODE*/BALANCE usage 0x04393e5c6701237d7ee836d644f8dbdd122afebc $0.00 no 2 weeks ago 019d5666-b2b6-72b3-991d-f09cf3f2b2ec
high slither Sale._executeTokenSell(address,uint256,uint256,IERC20Metadata) (contracts/Sale.sol#376-395) sends eth to arbitrary user 0x80c1c65463427ea785fb7b03ba84b91f49f272eb $41,641.82 no 2 weeks ago 019d5666-71d1-72c0-baeb-d50b2b87dd1a
high slither Sale.withdrawTokens(IERC20Metadata,address,uint256) (contracts/Sale.sol#258-273) sends eth to arbitrary user 0x80c1c65463427ea785fb7b03ba84b91f49f272eb $41,641.82 no 2 weeks ago 019d5666-71d1-72c0-baeb-d50b2b87dd1a
high slither Reentrancy in Sale._executeTokenBuy(address,address,uint256,uint256,IERC20Metadata,uint256,uint256,uint256,bytes) (contracts/Sale.sol#338-376): 0x80c1c65463427ea785fb7b03ba84b91f49f272eb $41,641.82 no 2 weeks ago 019d5666-71d1-72c0-baeb-d50b2b87dd1a
high codex Referrer field is never validated, enabling self-referral and cyclic referral farming 0x80c1c65463427ea785fb7b03ba84b91f49f272eb $41,641.82 no 2 weeks ago 019d5666-71d1-72c0-baeb-d50b2b87dd1a
medium codex Exact-output buys can mint market tokens for zero payment because rounding-down is unchecked 0x80c1c65463427ea785fb7b03ba84b91f49f272eb $41,641.82 no 2 weeks ago 019d5666-71d1-72c0-baeb-d50b2b87dd1a
medium codex Core behavior is delegated into an external implementation, so storage safety and auth are not verifiable from this bytecode alone 0x937478e73bf6547843af57564d7265306af024aa $41,695.00 no 2 weeks ago 019d5666-71ca-7272-b492-1f8f99ecb7a6
low codex Selector 0x54fd4d50 reads delegatecall output from memory without an explicit return-size check 0x937478e73bf6547843af57564d7265306af024aa $41,695.00 no 2 weeks ago 019d5666-71ca-7272-b492-1f8f99ecb7a6