TW
Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings
2,205
crit 60 high 1157
All Findings
46,184
Across all runs
Chain
1
Mainnet focus
Signal Mix
24239
high severity in results
Findings
filter + triage
Reset
Quick filters: candidate lane confirmed only critical high detector codex
Severity Tool Title Address Value USD Validated Confirmed Found Run
medium codex Fee recipient transfers can permanently block buys/reinvests 0xc6e5e9c6f4f3d1667df6086e91637cc7c64a13eb $44,492.91 no 2 months ago 019c0ea9-0817-7365-836d-3522c390767e
high codex Computed DELEGATECALL target reachable (potential arbitrary code execution) 0xe63dc0b48fd13c888661bfb30d7069823f967f03 $44,592.73 no 2 months ago 019c0ea9-080e-72a0-9742-9404d6ac7052
medium codex External CALLs with computed targets/values and ETH transfer capability 0xe63dc0b48fd13c888661bfb30d7069823f967f03 $44,592.73 no 2 months ago 019c0ea9-080e-72a0-9742-9404d6ac7052
medium codex Owner can set arbitrary fee percentages, enabling confiscation or transfer DoS 0xb3c5290ba8b6138aac895d28f53561d94158fab9 $44,640.00 no 2 months ago 019c0ea9-0807-7299-8f6d-534b44f85048
low codex Owner-controlled transfer lock can freeze user transfers while owner remains exempt 0xb3c5290ba8b6138aac895d28f53561d94158fab9 $44,640.00 no 2 months ago 019c0ea9-0807-7299-8f6d-534b44f85048
high codex `fusionPartTwo` is publicly callable and bypasses fusion checks/interval 0x3d3097cd94fec5dc823e5025a59438e63757dc79 $44,677.61 no 2 months ago 019c0ea9-07f4-701b-ab0c-54bbd630ab82
medium codex Trading lock can be bypassed via direct pair interactions 0x3d3097cd94fec5dc823e5025a59438e63757dc79 $44,677.61 no 2 months ago 019c0ea9-07f4-701b-ab0c-54bbd630ab82
low codex Unchecked ERC20 return values for pair-token transfer/approve 0x3d3097cd94fec5dc823e5025a59438e63757dc79 $44,677.61 no 2 months ago 019c0ea9-07f4-701b-ab0c-54bbd630ab82
medium codex Signatures are not bound to the bridge contract, enabling cross-contract replay 0x02b758ce469af940c57a42ad1de5d404122bc283 $44,725.62 no 2 months ago 019c0ea9-07ed-70da-abbb-d6eab83f6cb6
medium codex Computed external CALLs (with possible ETH value) could enable reentrancy or unintended external execution 0x951a1ca3ad7ad2e055226783d32c9e8a69188485 $44,736.93 no 2 months ago 019c0ea9-07e6-7329-83b3-dd3fed18a0b3
medium codex SELFDESTRUCT present and potentially reachable 0xeb618e440fd758b9bc2946ccc55ff5390f441b5b $44,767.66 no 2 months ago 019c0ea9-07df-7364-9b5a-b680cca460f9
low codex Computed external CALL before apparent state update (reentrancy/unsafe call risk if target is attacker-controlled) 0xeb618e440fd758b9bc2946ccc55ff5390f441b5b $44,767.66 no 2 months ago 019c0ea9-07df-7364-9b5a-b680cca460f9
medium codex Dangerous delegatecall to external token can corrupt storage or selfdestruct the contract 0xdafce5670d3f67da9a3a44fe6bc36992e5e2beab $44,780.96 no 2 months ago 019c0ea9-07d7-71f4-a34c-0c128476feae
low codex Unchecked ERC20 transfer/approve return values can leave state inconsistent 0xdafce5670d3f67da9a3a44fe6bc36992e5e2beab $44,780.96 no 2 months ago 019c0ea9-07d7-71f4-a34c-0c128476feae
low codex Computed low-level CALL target/value reachable (reentrancy/permission uncertainty) 0xd6a07b8065f9e8386a9a5bba6a754a10a9cd1074 $44,793.51 no 2 months ago 019c0ea9-07cf-7327-9b7e-02000e7fdf7e
high codex Nonce marked after external call allows reentrant replay of the same signed transaction 0x4d307525b22897ca07af7e34079397f3d7ae60a2 $44,850.97 no 2 months ago 019c0ea9-07c1-72fc-b499-c22be17f1945
high codex Relayer refund can be reentered before balance reset, enabling repeated refunds 0x50c02710b06d6addb864d6b038010ef6fa1bcd92 $44,959.89 no 2 months ago 019c0ea9-07b9-70a2-acc1-0b6c38a3ac98
low codex Oracle price used without sanity/staleness checks can break fee math 0x50c02710b06d6addb864d6b038010ef6fa1bcd92 $44,959.89 no 2 months ago 019c0ea9-07b9-70a2-acc1-0b6c38a3ac98
low codex Unchecked ERC20 transfer/transferFrom return values in relayer flows 0x50c02710b06d6addb864d6b038010ef6fa1bcd92 $44,959.89 no 2 months ago 019c0ea9-07b9-70a2-acc1-0b6c38a3ac98
low codex External call result ignored; nonce advances even on failed transfer 0xb916796bacee1d6553b86ae05d9dd4c5e8d0b057 $45,017.10 no 2 months ago 019c0ea9-07ab-7229-8ea9-ef5c66ea8236
info codex Signed message lacks chain-id domain separation 0xb916796bacee1d6553b86ae05d9dd4c5e8d0b057 $45,017.10 no 2 months ago 019c0ea9-07ab-7229-8ea9-ef5c66ea8236
high codex Unrestricted initialize allows proxy takeover if not initialized atomically 0xad16edcf7deb7e90096a259c81269d811544b6b6 $45,074.25 no 2 months ago 019c0ea9-07a4-7162-9dd3-67d9c56c3671
low codex Refund recipient aliasing not enforced for explicit L1 contract addresses 0xad16edcf7deb7e90096a259c81269d811544b6b6 $45,074.25 no 2 months ago 019c0ea9-07a4-7162-9dd3-67d9c56c3671
medium codex Low-level CALLs with computed target/value allow untrusted external interactions 0x5135f511eac08f8a49c80649d23b9d3b6d43dbac $45,108.01 no 2 months ago 019c0ea9-079c-73ed-a22f-f2b73edc06c0
medium codex CREATE opcode reachable (on-chain contract deployment) 0x5135f511eac08f8a49c80649d23b9d3b6d43dbac $45,108.01 no 2 months ago 019c0ea9-079c-73ed-a22f-f2b73edc06c0
high codex Unprotected initializer allows takeover of uninitialized proxy 0x2791bca1f2de4661ed88a30c99a7a9449aa84174 $45,414.08 no 2 months ago 019c0ea9-076e-7168-9503-51be12255f63
low codex Meta‑transaction signature verification allows malleable signatures 0x2791bca1f2de4661ed88a30c99a7a9449aa84174 $45,414.08 no 2 months ago 019c0ea9-076e-7168-9503-51be12255f63
medium codex Regular end-game can settle on stale signed state without freshness or challenge 0xa867bf8447ec6f614ea996057e3d769b76a8aa0e $45,437.57 no 2 months ago 019c0ea9-0766-7238-b448-39331fab7739
low codex ECDSA signature malleability due to missing `s`/`v` validation 0xa867bf8447ec6f614ea996057e3d769b76a8aa0e $45,437.57 no 2 months ago 019c0ea9-0766-7238-b448-39331fab7739
high codex Liquidation drains entire pool and leaves staking accounting unchanged 0x89f0112a9c75d987686c608ca1840f9c7344b7ff $45,478.09 no 2 months ago 019c0ea9-075d-712a-a36b-c3913c2d8471
medium codex Owner-controlled blacklist can freeze user funds and halt trading 0x8390a1da07e376ef7add4be859ba74fb83aa02d5 $45,482.52 no 2 months ago 019c0ea9-0755-7161-aaea-8a07609dc9c1
low codex Tax swap uses amountOutMin=0 enabling MEV sandwiching 0x8390a1da07e376ef7add4be859ba74fb83aa02d5 $45,482.52 no 2 months ago 019c0ea9-0755-7161-aaea-8a07609dc9c1
medium codex Untrusted low-level CALL with variable target/value (potential arbitrary external call/ETH transfer) 0xda4fbd0ebe88877df05424c10274ad9315cee83a $45,570.00 no 2 months ago 019c0ea9-0745-7141-887d-3061a28b705a
medium codex Unchecked send can silently skip payouts while advancing indices 0xbb4f286f88881afff196f8170105ad91b6217e0b $45,612.58 no 2 months ago 019c0ea9-073f-707e-aad6-50c2613920db
low codex Imported deposit indices are mixed with main queue indices, breaking getUserDeposits 0xbb4f286f88881afff196f8170105ad91b6217e0b $45,612.58 no 2 months ago 019c0ea9-073f-707e-aad6-50c2613920db
medium codex Invalid signatures are accepted when `user` is the zero address 0xbeeb655808e3bdb83b6998f09dfe1e0f2c66a9be $45,650.60 no 2 months ago 019c0ea9-0737-72a3-99e0-ec55ab3ddde2
low codex Maker whitelist is not enforced in `trade` 0xbeeb655808e3bdb83b6998f09dfe1e0f2c66a9be $45,650.60 no 2 months ago 019c0ea9-0737-72a3-99e0-ec55ab3ddde2
medium codex Bribe points credited from input amount, not actual tokens received 0xc3e486f614e297d8e016ac2805e81707c627b2d5 $45,728.04 no 2 months ago 019c0ea9-072f-73ea-a5f8-5f68e3df6057
medium codex Fee swaps rely on spot Uniswap pricing and are sandwichable 0xc3e486f614e297d8e016ac2805e81707c627b2d5 $45,728.04 no 2 months ago 019c0ea9-072f-73ea-a5f8-5f68e3df6057
low codex Unchecked ERC20 return values can cause silent failures and bad accounting 0xc3e486f614e297d8e016ac2805e81707c627b2d5 $45,728.04 no 2 months ago 019c0ea9-072f-73ea-a5f8-5f68e3df6057
high codex Whitelisted game can unilaterally drain any holder’s tokens/ETH via payWithToken 0x8942a5995bd168f347f7ec58f25a54a9a064f882 $45,751.27 no 2 months ago 019c0ea9-0729-710d-aaed-64fc4dafe23a
medium codex Owner can set migration target to arbitrary address, redirecting moveAccountOut funds 0x8942a5995bd168f347f7ec58f25a54a9a064f882 $45,751.27 no 2 months ago 019c0ea9-0729-710d-aaed-64fc4dafe23a
low codex Unbounded superReferrerRate can revert buys or wrap fee calculation 0x8942a5995bd168f347f7ec58f25a54a9a064f882 $45,751.27 no 2 months ago 019c0ea9-0729-710d-aaed-64fc4dafe23a
low codex Computed CALL targets/values may allow arbitrary external calls if access control is incomplete 0x98ca924d9a32837cb5c123a9b9e88fb593f3e427 $45,823.51 no 2 months ago 019c0ea9-0722-733a-88ee-db0303efdc53
medium codex Initializer can be called by anyone if the proxy is left uninitialized 0x095c35b4217770893fbb7cf533869afce1b27a78 $46,092.96 no 2 months ago 019c0ea9-070a-72de-9802-b9a1e36ddc57
low codex Owner-only arbitrary external call with ETH transfer capability 0x095c35b4217770893fbb7cf533869afce1b27a78 $46,092.96 no 2 months ago 019c0ea9-070a-72de-9802-b9a1e36ddc57
medium codex Authorization uses tx.origin 0x163a948770020a636a87a48acb33d7575445474b $46,167.38 no 2 months ago 019c0ea9-06f3-7351-913e-e120102597a8
low codex CALL with computed target/value and unchecked return 0x163a948770020a636a87a48acb33d7575445474b $46,167.38 no 2 months ago 019c0ea9-06f3-7351-913e-e120102597a8
medium codex Order signatures are replayable and lack domain separation/nonce protection 0x15c5f0f18feb8a9f5808ccd2fc4ac279d9d89bb8 $46,200.14 no 2 months ago 019c0ea9-06d5-7319-83a0-bdeeddb23af3
low codex ERC20 transfer/transferFrom return values are ignored, enabling fee bypass or silent token delivery failure 0x15c5f0f18feb8a9f5808ccd2fc4ac279d9d89bb8 $46,200.14 no 2 months ago 019c0ea9-06d5-7319-83a0-bdeeddb23af3