TW
Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings
2,205
crit 60 high 1157
All Findings
46,184
Across all runs
Chain
1
Mainnet focus
Signal Mix
24239
high severity in results
Findings
filter + triage
Reset
Quick filters: candidate lane confirmed only critical high detector codex
Severity Tool Title Address Value USD Validated Confirmed Found Run
low cast Contract creation opcode present 0xbdfe7fc2caac000e8436c72c104d611277def3d8 $41,981.51 no 2 weeks ago 019cdede-85c4-7235-8187-aeef86ac6be4
high detector ETH value transfer possible 0x2ac03bf434db503f6f5f85c3954773731fc3f056 $41,990.38 no 2 weeks ago 019cdede-85be-73ca-b700-2088f7bcabb6
high detector Untrusted CALL target/value reachable 0x2ac03bf434db503f6f5f85c3954773731fc3f056 $41,990.38 no 2 weeks ago 019cdede-85be-73ca-b700-2088f7bcabb6
medium detector CREATE/CREATE2 reachable 0x2ac03bf434db503f6f5f85c3954773731fc3f056 $41,990.38 no 2 weeks ago 019cdede-85be-73ca-b700-2088f7bcabb6
low cast Contract creation opcode present 0x2ac03bf434db503f6f5f85c3954773731fc3f056 $41,990.38 no 2 weeks ago 019cdede-85be-73ca-b700-2088f7bcabb6
medium codex Initializer appears publicly callable; critical storage can be set by anyone once 0x5018cc0d628fb322b2a040cfcd269a36c60b1538 $0.00 no 2 months ago 019c0eac-1141-73a4-bb86-3f06ad5c30a9
low codex SELFDESTRUCT opcode present in runtime bytecode (appears unreachable) 0x5018cc0d628fb322b2a040cfcd269a36c60b1538 $0.00 no 2 months ago 019c0eac-1141-73a4-bb86-3f06ad5c30a9
low codex Low-level CALLs with computed targets/value; potential untrusted-call or reentrancy surface 0x5018cc0d628fb322b2a040cfcd269a36c60b1538 $0.00 no 2 months ago 019c0eac-1141-73a4-bb86-3f06ad5c30a9
medium codex Orders lack trader authorization; relays can execute arbitrary swaps 0x4a1dc57d949db46a456d0104f437ed87ee24422f $0.00 no 2 months ago 019c0eab-c14a-7068-a5b7-e9885803d0b8
medium codex Public initializers can be seized if deployment is not atomic 0x4a1dc57d949db46a456d0104f437ed87ee24422f $0.00 no 2 months ago 019c0eab-c14a-7068-a5b7-e9885803d0b8
low codex ERC20 transfer/approve return values are not checked in swap scripts 0x4a1dc57d949db46a456d0104f437ed87ee24422f $0.00 no 2 months ago 019c0eab-c14a-7068-a5b7-e9885803d0b8
high slither SimpleERC20Escrow.pay(address,uint256) (contracts/Contract.sol#34-38) ignores return value by token.transfer(recipient,amount) (contracts/Contract.sol#37-38) 0xc06053fcad0a0df7cc32289a135bbea9030c010f $0.00 no 2 months ago 019c0eab-909f-728c-9614-1375a52b5654
high codex Unprotected proxy initializer allows market takeover 0xc06053fcad0a0df7cc32289a135bbea9030c010f $0.00 no 2 months ago 019c0eab-909f-728c-9614-1375a52b5654
low codex Unchecked ERC20 transfer return value can mask failed payouts 0xc06053fcad0a0df7cc32289a135bbea9030c010f $0.00 no 2 months ago 019c0eab-909f-728c-9614-1375a52b5654
low codex Unchecked ERC20 transfer/transferFrom return values may mask failed asset movements 0x69b98667134eee3ebf75799dacbcd604e28709ab $0.00 no 2 months ago 019c0eab-8298-737d-bd4e-4f8fa55370b4
low codex EtherFi withdrawal accounting can be double-decremented if claims are repeatable 0x69b98667134eee3ebf75799dacbcd604e28709ab $0.00 no 2 months ago 019c0eab-8298-737d-bd4e-4f8fa55370b4
low codex Uninitialized proxy can be taken over via public initialize 0x0cfeac50835edfb3d5e9b08abd9011298e54eab1 $0.00 no 2 months ago 019c0eab-751d-710b-a0ed-2dd3476bcc5f
high slither YoVault_V2._pendingRedeem (src/YoVault_V2.sol#73) is never initialized. It is used in: 0xf59c19eb032ff3301b6695b58303470a79098771 $0.00 no 2 months ago 019c0eab-5d2a-7148-a859-77ddcfaad2fb
high slither YoVault_V2.totalPendingAssets (src/YoVault_V2.sol#61) is never initialized. It is used in: 0xf59c19eb032ff3301b6695b58303470a79098771 $0.00 no 2 months ago 019c0eab-5d2a-7148-a859-77ddcfaad2fb
high slither YoVault_V2.feeOnDeposit (src/YoVault_V2.sol#68) is never initialized. It is used in: 0xf59c19eb032ff3301b6695b58303470a79098771 $0.00 no 2 months ago 019c0eab-5d2a-7148-a859-77ddcfaad2fb
high slither ERC4626Upgradeable._deposit(address,address,uint256,uint256) (node_modules/@openzeppelin/contracts-upgradeable/token/ERC20/extensions/ERC4626Upgradeable.sol#262-275) uses arbitr... 0xf59c19eb032ff3301b6695b58303470a79098771 $0.00 no 2 months ago 019c0eab-5d2a-7148-a859-77ddcfaad2fb
high slither YoVault_V2.feeOnWithdraw (src/YoVault_V2.sol#66) is never initialized. It is used in: 0xf59c19eb032ff3301b6695b58303470a79098771 $0.00 no 2 months ago 019c0eab-5d2a-7148-a859-77ddcfaad2fb
medium slither Contract locking ether found: 0xf59c19eb032ff3301b6695b58303470a79098771 $0.00 no 2 months ago 019c0eab-5d2a-7148-a859-77ddcfaad2fb
medium codex Redeem fulfillment allows asset/share mismatches and zero-share payouts 0xf59c19eb032ff3301b6695b58303470a79098771 $0.00 no 2 months ago 019c0eab-5d2a-7148-a859-77ddcfaad2fb
medium codex Oracle price trusted without freshness/sanity checks for share/asset accounting 0xf59c19eb032ff3301b6695b58303470a79098771 $0.00 no 2 months ago 019c0eab-5d2a-7148-a859-77ddcfaad2fb
medium codex Untrusted external CALLs with potential ETH value transfer and no detected guard 0x9c3a4329ff26934b04312162f83c8f69d52aa060 $0.00 no 2 months ago 019c0eab-4fce-73b8-bbdb-0d0d0ffdf301
high codex Computed DELEGATECALL targets reachable (potential arbitrary code execution in caller context) 0xd3f582f6b4814e989ee8e96bc3175320b5a540ab $0.00 no 2 months ago 019c0eab-41f8-709b-a0d5-a4b9b6478fe1
medium codex Untrusted external CALLs with ETH value possible 0xd3f582f6b4814e989ee8e96bc3175320b5a540ab $0.00 no 2 months ago 019c0eab-41f8-709b-a0d5-a4b9b6478fe1
medium codex External CALLs with value and computed targets lack an explicit reentrancy guard 0xfdeaf7d9ab542c6ad617666015e512fa1633b8a0 $44,492.00 no 2 months ago 019c0ea9-0820-7077-8c15-dac863742bd6
medium codex External CALL with ETH value to computed target (reentrancy/untrusted-call risk) 0xeda4c4067bdd708bb75ac620e1e2215a747a1f39 $0.00 no 2 months ago 019c0eaa-46e2-714b-a04f-a45cdb834d69
high slither Reentrancy in GenericBridge.claimToken(address,address,uint256,uint256[],bytes32,bytes32[],bytes32[],uint8[],string,string,uint8) (contracts/generic/GenericBridge.sol#308-459): 0x438285fbccba55ce8cdef276030e6b35a0b65b6b $0.00 no 2 months ago 019c0eaa-1573-73c9-bdcd-698f810a9fbd
high slither ERC1967UpgradeUpgradeable._functionDelegateCall(address,bytes) (@openzeppelin/contracts-upgradeable/proxy/ERC1967/ERC1967UpgradeUpgradeable.sol#207-213) uses delegatecall to a i... 0x438285fbccba55ce8cdef276030e6b35a0b65b6b $0.00 no 2 months ago 019c0eaa-1573-73c9-bdcd-698f810a9fbd
high slither Reentrancy in GenericBridge.claimToken(address,address,uint256,uint256[],bytes32,bytes32[],bytes32[],uint8[],string,string,uint8) (contracts/generic/GenericBridge.sol#308-459): 0x438285fbccba55ce8cdef276030e6b35a0b65b6b $0.00 no 2 months ago 019c0eaa-1573-73c9-bdcd-698f810a9fbd
medium codex Signatures lack contract-domain separation, enabling replay across bridge instances 0x438285fbccba55ce8cdef276030e6b35a0b65b6b $0.00 no 2 months ago 019c0eaa-1573-73c9-bdcd-698f810a9fbd
low codex addApprovers allows zero address, letting invalid signatures count as approvals 0x438285fbccba55ce8cdef276030e6b35a0b65b6b $0.00 no 2 months ago 019c0eaa-1573-73c9-bdcd-698f810a9fbd
medium codex Low-level CALL with computed target/value (potential untrusted external call with ETH) 0x36d7b81fa45e6453d9a3f9be0829817c8a5f5d1b $0.00 no 2 months ago 019c0ea9-f67b-73b7-80e6-a5d6cba42ff4
low codex Proxy implementation metadata conflict (EIP-1967) 0x36d7b81fa45e6453d9a3f9be0829817c8a5f5d1b $0.00 no 2 months ago 019c0ea9-f67b-73b7-80e6-a5d6cba42ff4
medium codex Asset limit can be bypassed via mint() 0x46c64c1630f320b890d765e7c6f901574924b0c7 $0.00 no 2 months ago 019c0ea9-f016-739a-ad4f-c89570e9c08b
medium codex Proxy can be seized if initialize is not called during deployment 0x46c64c1630f320b890d765e7c6f901574924b0c7 $0.00 no 2 months ago 019c0ea9-f016-739a-ad4f-c89570e9c08b
medium codex Initializer can be front-running if deployment is not atomically initialized 0x43ffaa65fe273d2ef9edd78418091d41b1aa40e8 $0.00 no 2 months ago 019c0ea9-e9be-73c6-a611-a0ba6ee4b415
low codex Nonce is marked used after external call, enabling reentrancy-based griefing 0x43ffaa65fe273d2ef9edd78418091d41b1aa40e8 $0.00 no 2 months ago 019c0ea9-e9be-73c6-a611-a0ba6ee4b415
high slither TruthBridge.relayerLift(uint256,uint256,address,uint8,bytes32,bytes32,bool) (contracts/TruthBridge.sol#289-304) uses arbitrary from in transferFrom in combination with permit: I... 0x965983977c29158ec53a296a6f47be145ddecc36 $0.00 no 2 months ago 019c0ea9-e35a-710a-b93e-e2ba664180fb
high slither TruthBridge.deregisterRelayer(address) (contracts/TruthBridge.sol#276-285) ignores return value by IERC20(usdc).transfer(relayer,uint256(balance - 1)) (contracts/TruthBridge.sol... 0x965983977c29158ec53a296a6f47be145ddecc36 $0.00 no 2 months ago 019c0ea9-e35a-710a-b93e-e2ba664180fb
high slither TruthBridge.uniswapV3SwapCallback(int256,int256,bytes) (contracts/TruthBridge.sol#341-349) ignores return value by IERC20(usdc).transfer(msg.sender,uint256(amount0Delta)) (contr... 0x965983977c29158ec53a296a6f47be145ddecc36 $0.00 no 2 months ago 019c0ea9-e35a-710a-b93e-e2ba664180fb
high slither TruthBridge.relayerLift(uint256,uint256,address,uint8,bytes32,bytes32,bool) (contracts/TruthBridge.sol#289-304) ignores return value by IERC20(usdc).transferFrom(user,address(th... 0x965983977c29158ec53a296a6f47be145ddecc36 $0.00 no 2 months ago 019c0ea9-e35a-710a-b93e-e2ba664180fb
high slither TruthBridge.relayerLower(uint256,bytes,bool) (contracts/TruthBridge.sol#308-329) ignores return value by IERC20(usdc).transfer(user,amount) (contracts/TruthBridge.sol#323-324) 0x965983977c29158ec53a296a6f47be145ddecc36 $0.00 no 2 months ago 019c0ea9-e35a-710a-b93e-e2ba664180fb
medium slither Reentrancy in TruthBridge.relayerLift(uint256,uint256,address,uint8,bytes32,bytes32,bool) (contracts/TruthBridge.sol#289-304): 0x965983977c29158ec53a296a6f47be145ddecc36 $0.00 no 2 months ago 019c0ea9-e35a-710a-b93e-e2ba664180fb
medium slither Reentrancy in TruthBridge.relayerLower(uint256,bytes,bool) (contracts/TruthBridge.sol#308-329): 0x965983977c29158ec53a296a6f47be145ddecc36 $0.00 no 2 months ago 019c0ea9-e35a-710a-b93e-e2ba664180fb
medium slither Reentrancy in TruthBridge.relayerLift(uint256,uint256,address,uint8,bytes32,bytes32,bool) (contracts/TruthBridge.sol#289-304): 0x965983977c29158ec53a296a6f47be145ddecc36 $0.00 no 2 months ago 019c0ea9-e35a-710a-b93e-e2ba664180fb
medium slither Reentrancy in TruthBridge.relayerLower(uint256,bytes,bool) (contracts/TruthBridge.sol#308-329): 0x965983977c29158ec53a296a6f47be145ddecc36 $0.00 no 2 months ago 019c0ea9-e35a-710a-b93e-e2ba664180fb