TW
Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings
2,205
crit 60 high 1157
All Findings
46,184
Across all runs
Chain
1
Mainnet focus
Signal Mix
24239
high severity in results
Findings
filter + triage
Reset
Quick filters: candidate lane confirmed only critical high detector codex
Severity Tool Title Address Value USD Validated Confirmed Found Run
low codex Signatures are replayable across contracts/chains (no domain separation or nonce) 0xdaca87395f3b1bbc46f3fa187e996e03a5dcc985 $43,294.45 no 2 months ago 019c0ea9-0968-7020-87be-641769d60ed2
medium codex Deposits mint based on requested amount, not actual underlying received 0xea928a8d09e11c66e074fbf2f6804e19821f438d $43,295.97 no 2 months ago 019c0ea9-0961-705e-9c6a-af33c99adc92
low codex Zero/self address check is ineffective due to `||`, allowing unintended transfers 0xea928a8d09e11c66e074fbf2f6804e19821f438d $43,295.97 no 2 months ago 019c0ea9-0961-705e-9c6a-af33c99adc92
medium slither Reentrancy in UniswapV3Pool.collectProtocol(address,uint128,uint128) (contracts/UniswapV3Pool.sol#848-868): 0xa4fcf02701b61d15b192e546663d00afd5f16f80 $43,309.44 no 2 months ago 019c0ea9-095b-704d-b8f1-20ac19c33e9e
medium slither Reentrancy in UniswapV3Pool.swap(address,bool,int256,uint160,bytes) (contracts/UniswapV3Pool.sol#596-788): 0xa4fcf02701b61d15b192e546663d00afd5f16f80 $43,309.44 no 2 months ago 019c0ea9-095b-704d-b8f1-20ac19c33e9e
high codex Multi-bridge transfers do not enforce payload consistency across adapters 0xb0614316d1f45a5da4b09b198cb6cd8fb44bb47b $43,396.86 no 2 months ago 019c0ea9-0954-73b5-b34f-d86eee9f9728
high slither SimpleERC20Escrow.pay(address,uint256) (contracts/Contract.sol#34-38) ignores return value by token.transfer(recipient,amount) (contracts/Contract.sol#37-38) 0xd01159af63c39ef4de125ac3baa940893e8009cd $43,400.00 no 2 months ago 019c0ea9-094d-71d5-afa7-e616ff0989ab
high codex Unprotected initialize allows hostile takeover of escrow market 0xd01159af63c39ef4de125ac3baa940893e8009cd $43,400.00 no 2 months ago 019c0ea9-094d-71d5-afa7-e616ff0989ab
low codex ERC20 transfer return value ignored 0xd01159af63c39ef4de125ac3baa940893e8009cd $43,400.00 no 2 months ago 019c0ea9-094d-71d5-afa7-e616ff0989ab
high detector SELFDESTRUCT reachable 0xc06053fcad0a0df7cc32289a135bbea9030c010f $0.00 no no 2 months ago 019c0eab-909f-728c-9614-1375a52b5654
high cast SELFDESTRUCT present 0xc06053fcad0a0df7cc32289a135bbea9030c010f $0.00 no 2 months ago 019c0eab-909f-728c-9614-1375a52b5654
high detector Untrusted CALL target/value reachable 0xc06053fcad0a0df7cc32289a135bbea9030c010f $0.00 no no 2 months ago 019c0eab-909f-728c-9614-1375a52b5654
high detector ETH value transfer possible 0xc06053fcad0a0df7cc32289a135bbea9030c010f $0.00 no no 2 months ago 019c0eab-909f-728c-9614-1375a52b5654
medium codex External CALL with computed target/value and unchecked return 0x9ba6e731becc5c04878eef7d52c90a8cf07746ae $43,419.02 no 2 months ago 019c0ea9-0945-71ab-a38f-8eb14a6f4179
low codex Authorization guard compares msg.sender to constant 0xffff… (possible hardcoded admin/lockout) 0x9ba6e731becc5c04878eef7d52c90a8cf07746ae $43,419.02 no 2 months ago 019c0ea9-0945-71ab-a38f-8eb14a6f4179
high detector Untrusted DELEGATECALL target reachable 0x69b98667134eee3ebf75799dacbcd604e28709ab $0.00 yes yes 2 months ago 019c0eab-8298-737d-bd4e-4f8fa55370b4
high detector Authorization based on tx.origin 0x69b98667134eee3ebf75799dacbcd604e28709ab $0.00 no 2 months ago 019c0eab-8298-737d-bd4e-4f8fa55370b4
medium detector ETH value transfer possible 0x69b98667134eee3ebf75799dacbcd604e28709ab $0.00 no no 2 months ago 019c0eab-8298-737d-bd4e-4f8fa55370b4
medium detector Untrusted CALL target/value reachable 0x69b98667134eee3ebf75799dacbcd604e28709ab $0.00 no no 2 months ago 019c0eab-8298-737d-bd4e-4f8fa55370b4
medium cast DELEGATECALL present 0x69b98667134eee3ebf75799dacbcd604e28709ab $0.00 no 2 months ago 019c0eab-8298-737d-bd4e-4f8fa55370b4
info cast Heavy CALL-family usage 0x69b98667134eee3ebf75799dacbcd604e28709ab $0.00 no 2 months ago 019c0eab-8298-737d-bd4e-4f8fa55370b4
info cast Heavy EXTCODE*/BALANCE usage 0x69b98667134eee3ebf75799dacbcd604e28709ab $0.00 no 2 months ago 019c0eab-8298-737d-bd4e-4f8fa55370b4
high slither Pool.safeRewardTransfer(address,uint256) (contracts/Contract.sol#1269-1276) ignores return value by rewardToken.transfer(_to,balance) (contracts/Contract.sol#1272-1273) 0x8ba5325a98147d67e5ee09bb0273194c68512612 $43,534.33 no 2 months ago 019c0ea9-0936-7262-bcf9-9ef5de23bf57
high slither Pool.safeRewardTransfer(address,uint256) (contracts/Contract.sol#1269-1276) ignores return value by rewardToken.transfer(_to,_amount) (contracts/Contract.sol#1273-1276) 0x8ba5325a98147d67e5ee09bb0273194c68512612 $43,534.33 no 2 months ago 019c0ea9-0936-7262-bcf9-9ef5de23bf57
medium slither Reentrancy in Pool.withdraw(uint256,uint256) (contracts/Contract.sol#1255-1269): 0x8ba5325a98147d67e5ee09bb0273194c68512612 $43,534.33 no 2 months ago 019c0ea9-0936-7262-bcf9-9ef5de23bf57
medium slither Reentrancy in Pool.updatePool(uint256) (contracts/Contract.sol#1207-1221): 0x8ba5325a98147d67e5ee09bb0273194c68512612 $43,534.33 no 2 months ago 019c0ea9-0936-7262-bcf9-9ef5de23bf57
medium slither Reentrancy in Pool.deposit(uint256,uint256) (contracts/Contract.sol#1237-1255): 0x8ba5325a98147d67e5ee09bb0273194c68512612 $43,534.33 no 2 months ago 019c0ea9-0936-7262-bcf9-9ef5de23bf57
high codex Pool can be permanently bricked after endBlock due to underflow in reward calculation 0x8ba5325a98147d67e5ee09bb0273194c68512612 $43,534.33 no 2 months ago 019c0ea9-0936-7262-bcf9-9ef5de23bf57
medium codex Reentrancy in deposit via untrusted pool tokens can double-claim rewards 0x8ba5325a98147d67e5ee09bb0273194c68512612 $43,534.33 no 2 months ago 019c0ea9-0936-7262-bcf9-9ef5de23bf57
low codex Fee-on-transfer/rebasing tokens break accounting and reward distribution 0x8ba5325a98147d67e5ee09bb0273194c68512612 $43,534.33 no 2 months ago 019c0ea9-0936-7262-bcf9-9ef5de23bf57
medium detector Untrusted CALL target/value reachable 0x0cfeac50835edfb3d5e9b08abd9011298e54eab1 $0.00 no no 2 months ago 019c0eab-751d-710b-a0ed-2dd3476bcc5f
medium detector ETH value transfer possible 0x0cfeac50835edfb3d5e9b08abd9011298e54eab1 $0.00 no no 2 months ago 019c0eab-751d-710b-a0ed-2dd3476bcc5f
info cast Heavy EXTCODE*/BALANCE usage 0x0cfeac50835edfb3d5e9b08abd9011298e54eab1 $0.00 no 2 months ago 019c0eab-751d-710b-a0ed-2dd3476bcc5f
medium codex Authorization uses tx.origin (phishable auth bypass) 0xa57eda20be51ae07df3c8b92494c974a92cf8956 $43,551.19 no 2 months ago 019c0ea9-0927-724a-89b6-62611e7a5660
low codex External CALLs with computed target/value (potential untrusted call / reentrancy surface) 0xa57eda20be51ae07df3c8b92494c974a92cf8956 $43,551.19 no 2 months ago 019c0ea9-0927-724a-89b6-62611e7a5660
medium codex ERC20 mints are not charged in signature-based minting 0xaeec7611c3cb03957cc6c1036ce43d6894b52836 $43,555.00 no 2 months ago 019c0ea9-091f-7020-ac96-1c592f9af440
low codex Reentrancy/DoS risk in ETH withdrawal loop 0xaeec7611c3cb03957cc6c1036ce43d6894b52836 $43,555.00 no 2 months ago 019c0ea9-091f-7020-ac96-1c592f9af440
low codex ERC20 withdrawals use transferFrom and ignore return values 0xaeec7611c3cb03957cc6c1036ce43d6894b52836 $43,555.00 no 2 months ago 019c0ea9-091f-7020-ac96-1c592f9af440
high codex Oracle price used without freshness/validity checks enables share mispricing 0x3a43aec53490cb9fa922847385d82fe25d0e9de7 $43,555.55 no 2 months ago 019c0ea9-0919-70a6-b4c7-3e776897cc66
low codex Canceled redeems return shares to receiver, not the original owner 0x3a43aec53490cb9fa922847385d82fe25d0e9de7 $43,555.55 no 2 months ago 019c0ea9-0919-70a6-b4c7-3e776897cc66
high detector ETH value transfer possible 0xf59c19eb032ff3301b6695b58303470a79098771 $0.00 no no 2 months ago 019c0eab-5d2a-7148-a859-77ddcfaad2fb
high detector Untrusted CALL target/value reachable 0xf59c19eb032ff3301b6695b58303470a79098771 $0.00 no no 2 months ago 019c0eab-5d2a-7148-a859-77ddcfaad2fb
info cast Heavy CALL-family usage 0xf59c19eb032ff3301b6695b58303470a79098771 $0.00 no 2 months ago 019c0eab-5d2a-7148-a859-77ddcfaad2fb
high slither FlashBotsMultiCall.uniswapWeth(uint256,uint256,address[],bytes[]) (contracts/Contract.sol#50-71) ignores return value by WETH.transfer(_targets[0],_wethAmountToFirstMarket) (con... 0xc35d77d25d81be78ad60ce14fea7c92d438782e3 $43,570.25 no 2 months ago 019c0ea9-0913-71a5-94ad-a630aa874b8f
low codex Privileged arbitrary external call can move ETH/tokens 0x32e297877fec71e93ff3bb40e1fb10f9f9c32800 $43,602.04 no 2 months ago 019c0ea9-090d-708e-8500-724695b54269
high detector Untrusted CALL target/value reachable 0x9c3a4329ff26934b04312162f83c8f69d52aa060 $0.00 no no 2 months ago 019c0eab-4fce-73b8-bbdb-0d0d0ffdf301
high detector ETH value transfer possible 0x9c3a4329ff26934b04312162f83c8f69d52aa060 $0.00 no no 2 months ago 019c0eab-4fce-73b8-bbdb-0d0d0ffdf301
medium codex Potentially user-influenced external CALLs with ETH value 0xeba02cfc36c01acbe10f6bcb909b76749e54956a $43,634.18 no 2 months ago 019c0ea9-0907-7184-aaf7-3f9385a0e75c
low codex CALLCODE present in unreachable tail code (if reachable, executes in caller storage) 0xeba02cfc36c01acbe10f6bcb909b76749e54956a $43,634.18 no 2 months ago 019c0ea9-0907-7184-aaf7-3f9385a0e75c
medium codex Computed DELEGATECALL target may be attacker-controlled 0xa2d07d64d7cfc0fe1b58549ea36119e9e81a88f6 $43,703.23 no 2 months ago 019c0ea9-0900-7147-9322-e26ba5b89eeb