TW
Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings
2,205
crit 60 high 1157
All Findings
46,184
Across all runs
Chain
1
Mainnet focus
Signal Mix
24239
high severity in results
Findings
filter + triage
Reset
Quick filters: candidate lane confirmed only critical high detector codex
Severity Tool Title Address Value USD Validated Confirmed Found Run
high codex Computed DELEGATECALL target reachable (arbitrary code execution risk) 0x62c9e5e52351e02635f48072fa20c03bb650f787 $0.00 no 2 months ago 019be3d9-53a8-71a4-b1a8-306d54433492
low codex Potential arbitrary CALLs with ETH value (authorization unclear) 0x62c9e5e52351e02635f48072fa20c03bb650f787 $0.00 no 2 months ago 019be3d9-53a8-71a4-b1a8-306d54433492
high codex MF_ONE valuation uses unvalidated oracle price for share minting and TVL 0x71ea0eb2605bd63fe69012a60c75bdbd22e8b3d3 $0.00 no 2 months ago 019be3d8-dab2-7125-9844-e6c896367631
medium codex Strategy proxy admin fixed to creator, not current owner 0x71ea0eb2605bd63fe69012a60c75bdbd22e8b3d3 $0.00 no 2 months ago 019be3d8-dab2-7125-9844-e6c896367631
low codex Rapid withdrawal refunds do not restore instant redeem limits 0x71ea0eb2605bd63fe69012a60c75bdbd22e8b3d3 $0.00 no 2 months ago 019be3d8-dab2-7125-9844-e6c896367631
medium codex tx.origin used for authorization guard (heuristic, sink unknown) 0xa0d828a754961ff78e733701eb98d22084db242c $0.00 no 2 months ago 019be3d8-bb60-7023-94d5-bc2e86082ed0
critical codex Computed DELEGATECALL target reachable 0x62c9e5e52351e02635f48072fa20c03bb650f787 $0.00 no 2 months ago 019be3d7-e47d-7320-ae56-01c14905ff89
medium codex Computed CALLCODE target executes in caller storage 0x62c9e5e52351e02635f48072fa20c03bb650f787 $0.00 no 2 months ago 019be3d7-e47d-7320-ae56-01c14905ff89
medium codex External CALLs with computed targets and ETH value 0x62c9e5e52351e02635f48072fa20c03bb650f787 $0.00 no 2 months ago 019be3d7-e47d-7320-ae56-01c14905ff89
high codex Relayer can finalize arbitrary transfers without on-chain validation 0xc973d09e51a20c9ab0214c439e4b34dbac52ad67 $0.00 no 2 months ago 019be3d7-52ed-7231-975b-72409c137e98
high codex Unprotected initializer allows takeover of uninitialized proxy/clone 0x387a294a2b92387cf46714faa537f1f81d50c210 $0.00 no 2 months ago 019be3d6-c7d2-72ca-99c8-428dc13e465f
low codex Initializer grants ADMIN_ROLE to caller even when owner differs 0x387a294a2b92387cf46714faa537f1f81d50c210 $0.00 no 2 months ago 019be3d6-c7d2-72ca-99c8-428dc13e465f
high codex Intervals claimed only incremented by 1 enables repeated over-claims 0x6097a40e38fa1aeea072babfaadea1f513e970a8 $0.00 no 2 months ago 019be3d6-b2a2-72f8-8ed2-aa2958ed78a5
medium codex Whitelist signature lacks domain separation, enabling replay across contracts/chains 0x6097a40e38fa1aeea072babfaadea1f513e970a8 $0.00 no 2 months ago 019be3d6-b2a2-72f8-8ed2-aa2958ed78a5
low codex Unchecked ERC20 transfer return values can desync accounting 0x6097a40e38fa1aeea072babfaadea1f513e970a8 $0.00 no 2 months ago 019be3d6-b2a2-72f8-8ed2-aa2958ed78a5
high codex Spot Uniswap reserves used as price oracle enable manipulation of collateral and liquidations 0xe3fef783783f97c7647c1f108d1c561e5ec13f92 $46,280.85 no 2 months ago 019be3d6-8551-7286-84a9-a94929610231
low codex Unchecked return value from pool repay can leave debt unpaid while positions close 0xe3fef783783f97c7647c1f108d1c561e5ec13f92 $46,280.85 no 2 months ago 019be3d6-8551-7286-84a9-a94929610231
medium codex Computed external CALLs with possible ETH value transfer (access control unclear) 0x5525bfd977249c60df28176ebe3230c157ac4825 $46,332.61 no 2 months ago 019be3d6-8547-735e-b929-04787b4987ad
low codex External call return data not verified (heuristic) 0x5525bfd977249c60df28176ebe3230c157ac4825 $46,332.61 no 2 months ago 019be3d6-8547-735e-b929-04787b4987ad
low codex Reentrancy surface from multiple external calls (guard not detected) 0x5525bfd977249c60df28176ebe3230c157ac4825 $46,332.61 no 2 months ago 019be3d6-8547-735e-b929-04787b4987ad
medium codex Externally configured hook contract is called in core token flows (reentrancy/DoS risk) 0x75ac19045e7b4b96f7840f8fe9e2e255093bd52f $46,444.98 no 2 months ago 019be3d6-8530-72f9-bd6e-4ee75e5fcfb1
low codex CALLCODE opcode present in runtime bytecode (likely metadata, but dangerous if reachable) 0x75ac19045e7b4b96f7840f8fe9e2e255093bd52f $46,444.98 no 2 months ago 019be3d6-8530-72f9-bd6e-4ee75e5fcfb1
high codex Computed DELEGATECALL targets enable arbitrary code execution if attacker-influenced 0x10314a9f673476f313a598778fea9cb694856500 $46,500.00 no 2 months ago 019be3d6-8525-715e-9ddd-0261e6dd9327
medium codex Untrusted external CALLs with computed target/value (ETH transfer possible) 0x10314a9f673476f313a598778fea9cb694856500 $46,500.00 no 2 months ago 019be3d6-8525-715e-9ddd-0261e6dd9327
medium codex Computed CALL with ETH value may reach untrusted target 0x2c11c5231db1e1feb5e842dbd1c169e5f0d315d4 $46,500.00 no 2 months ago 019be3d6-8519-73c1-9e7a-74e01936c865
medium codex Computed external CALLs with potential value transfer 0xac99380baa171f3a12d7504cf985535ad0bdb26b $46,500.00 no 2 months ago 019be3d6-8505-704c-9fd9-dc628ad8eaa3
medium codex External DELEGATECALL to fixed target gives that contract full control of this contract’s storage 0xf3347c1feca81e9e42c263458ec8d6fea3662ea2 $46,500.00 no 2 months ago 019be3d6-84fb-701e-884c-bd21f4d3f54e
medium codex Externally reachable CALL with computed target/value (possible arbitrary execution/ETH transfer) 0xd9b20cfed69e76acae3fa1c2ee1faafafcb41f55 $46,500.01 no 2 months ago 019be3d6-84ee-7348-8933-35d695a39730
low codex Return data not validated for low-level CALLs 0xd9b20cfed69e76acae3fa1c2ee1faafafcb41f55 $46,500.01 no 2 months ago 019be3d6-84ee-7348-8933-35d695a39730
high codex Reentrancy in Collect allows draining more than balance 0xd84d16fc96cc69a21199454ed615c8bc66fb4026 $46,503.83 no 2 months ago 019be3d6-84e5-71ba-9f6c-009acf5f51d8
low codex Unchecked low-level call result drops failed transaction 0x3792d288d9f0993971f23e4758acb719f285f6ef $46,511.07 no 2 months ago 019be3d6-84db-708f-a189-cf52464f8961
medium codex Computed DELEGATECALL target reachable (storage corruption risk if not strictly bounded) 0x0cd5349e1909599f4445149a264699958a4fc962 $46,519.11 no 2 months ago 019be3d6-84d0-712a-a2d1-e4725f02a1d8
low codex Low-level CALLs with computed target/value (possible reentrancy or fund diversion) 0x0cd5349e1909599f4445149a264699958a4fc962 $46,519.11 no 2 months ago 019be3d6-84d0-712a-a2d1-e4725f02a1d8
medium codex External CALL with value to computed target (untrusted) and no guard detected 0x3011e9752e6fe7031cefcc9d424ebabacb28c1ce $46,628.12 no 2 months ago 019be3d6-84ac-713f-9aba-70b18142c908
medium codex Ownership slot update appears without detected authorization checks 0x3011e9752e6fe7031cefcc9d424ebabacb28c1ce $46,628.12 no 2 months ago 019be3d6-84ac-713f-9aba-70b18142c908
low codex External CALLs use computed targets and can send ETH (target allowlist unclear from bytecode) 0x9b9c3ec4fee4a731a791019f864a839f82bb56dd $46,715.87 no 2 months ago 019be3d6-84a3-7326-b600-b1dc1f53377a
low codex External ERC20 calls do not validate return values 0xa6f38924b30d10a4cad7601cc13820cb53efc4f9 $46,835.19 no 2 months ago 019be3d6-849a-70ac-aa79-3872e5f41725
critical codex Untrusted DELEGATECALL target reachable (arbitrary code execution risk) 0x30689375f7ae75fb85d3a9cb7058ff231dd9f91c $46,862.02 no 2 months ago 019be3d6-8492-73c8-8ec4-edb49b23a550
high codex SELFDESTRUCT sends funds to CALLER 0x30689375f7ae75fb85d3a9cb7058ff231dd9f91c $46,862.02 no 2 months ago 019be3d6-8492-73c8-8ec4-edb49b23a550
medium codex Multiple CALLs with computed target/value (reentrancy or arbitrary transfer risk) 0x30689375f7ae75fb85d3a9cb7058ff231dd9f91c $46,862.02 no 2 months ago 019be3d6-8492-73c8-8ec4-edb49b23a550
low codex Deployer retains TIMELOCK_ADMIN_ROLE, enabling immediate role changes outside timelock 0x528fb7f75384ec26c1a65c088b637f0d1bf35702 $46,873.00 no 2 months ago 019be3d6-8489-7000-bd40-224825ebd461
high codex Royalty accounting lets newly minted tokens claim past rewards 0x147aa9ada01b70c4c8c8b89b06afe767908aced7 $46,931.90 no 2 months ago 019be3d6-8480-72cd-9e22-b654093a3ebf
medium codex Configurable safeSend gas enables reentrancy before accounting updates 0xe8a51be86ad96447d45ddeddc55013f25157688c $46,950.88 no 2 months ago 019be3d6-846c-719a-925b-75105823bfc2
low codex Unchecked Oraclize query ID can lock bets when price is unexpectedly high 0xe8a51be86ad96447d45ddeddc55013f25157688c $46,950.88 no 2 months ago 019be3d6-846c-719a-925b-75105823bfc2
medium codex Computed external CALLs with possible ETH value transfer 0x8f1bd425c64725013ebc98efc246c8f60da8812d $46,974.29 no 2 months ago 019be3d6-8449-73e8-b404-c5a444d506e6
low codex No access-control guards detected on state-modifying functions 0x8f1bd425c64725013ebc98efc246c8f60da8812d $46,974.29 no 2 months ago 019be3d6-8449-73e8-b404-c5a444d506e6
low codex ERC20 approve race allows double-spend of allowance 0xb8c77482e45f1f44de1745f52c74426c631bdd52 $46,980.15 no 2 months ago 019be3d6-8440-70da-9fb5-83113843d72c
medium codex MF_ONE pricing relies on unbounded/stale oracle values, enabling share mispricing 0xc9ecc74110850168fc7373c2586e5a525b02b02f $47,048.85 no 2 months ago 019be3d6-842f-702c-a179-72c42be44b63
low codex Rapid withdrawal refunds do not restore user limits 0xc9ecc74110850168fc7373c2586e5a525b02b02f $47,048.85 no 2 months ago 019be3d6-842f-702c-a179-72c42be44b63
medium codex Dividend distribution can be permanently blocked by a reverting recipient or gas limit 0xc16b542ff490e01fcc0dc58a60e1efdc3e357ca6 $47,233.83 no 2 months ago 019be3d6-83fb-70cc-861b-5b64aafec5b5