Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (Mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
high codex Flash-loan price manipulation drains ETH via zero-slippage publicSwap 0xaba513097f04d637727fdcda0246636e0d5d6833 $1,079,543.20 no 3 months ago 97cd6cda-535b-4091-acff-4edb553a0399
high codex Share inflation via direct donations lets the first depositor steal later deposits 0x35ffd6e268610e764ff6944d07760d0efe5e40e5 $1,385,920.03 no 3 months ago fb399128-ba48-4197-80c8-ca2078ffb9c9
high codex EIP712 domain omits chainId and verifying contract, enabling cross-contract order replay 0x241e82c79452f51fbfc89fac6d912e021db1a3b7 $2,288,604.15 no 3 months ago 0125e957-6d16-4951-9544-c9f5d3c64088
high codex Unprotected initialization allows anyone to seize ownership and drain funds if not yet initialized 0x14a635549fc5d087d39a0cd1339345b8b8c6fdba $6,290,639.88 no 3 months ago b7ce8ac8-0ea4-495f-80fb-6e8e679e5468
high codex Unprotected V3 reinitializer lets attacker become admin, swap chain-state verifier, and forge withdrawals 0x2c4df10a82cf077122ed99573aca6dacd76f2e67 $0.00 no 3 months ago 6b74e541-cb40-41fa-b381-0ac9cd0774ee
high codex Rounding-up in deposits lets dust mint full shares and drain accrued rewards 0xaeae7d602b537b2065f3da05dcce754fb23a968d $0.00 no 3 months ago d56f910c-3d71-409c-894a-2f145cc856af
critical codex Unprotected finalizeUpgrade_v2 enables LidoLocator hijack and buffered ETH theft 0x17144556fd3424edc8fc8a4c940b2d04936d17eb $0.00 no 3 months ago 5759b91b-cd68-448d-8e43-52ec0688cfdf
critical codex Unprotected initializeV5 allows attacker to seize migrator role and whitelist a drain recipient 0x5019d41b0737e39b51fd6da4859f3e27579e4e69 $0.00 no 3 months ago 398a83a4-3714-43fd-b57b-b5205efcfca4
critical codex Unprotected initialize lets attacker overwrite subContracts and execute arbitrary delegatecall logic 0xdf2f24751f7e84ccdcd39e7b49904fab0fb0f583 $0.00 no 3 months ago d7530101-36b1-4fae-8f33-0dec08c21c66
critical codex Unprotected initialize allows exchange takeover and full fund drain 0x674bdf20a0f284d710bc40872100128e2d66bd3f $12,345,678.95 no 3 months ago 83c46581-935d-4c5c-8596-6954c0074eb5
medium codex Floor rounding on share burn allows zero-share liquidations that drain yield 0xf113bfd6423291b1dd2ca76f897bff54456e7c88 $0.00 no 3 months ago 3430da73-4891-4fc2-bd51-e14bb3caa70e
critical codex Unprotected initialize lets an attacker set a fake messenger and drain the bridge 0xa0cfe8af2ab5c9232714647702dbacf862ea4798 $0.00 no 3 months ago 0fb93155-944c-4ca8-9339-4f05dc1ba13c
high codex First depositor share inflation can zero‑mint later deposits and steal their ABR 0xbbbd1bbb4f9b936c3604906d7592a644071de884 $14,867,814.55 no 3 months ago dbcf5643-b21f-40b3-a143-69185d9bdf76
high codex Replayable owner signatures due to missing domain separation in transaction hash 0x7da82c7ab4771ff031b66538d2fb9b0b047f6cf9 $31,881,464.38 no 3 months ago 2777b685-b8a7-47d0-87a2-7c35425b4f1b
high codex Phantom token deposits via malicious ERC20 let attacker trade unbacked balances for real assets 0x8d12a197cb00d4747a1fe03395095ce2a5cc6819 $47,393,993.66 no 3 months ago c0d05ecc-5a14-4ce1-9cc4-2b103799055d
critical codex Unrestricted EIC delegatecall in initialize enables arbitrary code execution and fund drain 0x95ff25a59dc9c5a41cf0709dc916041e5dc7fd95 $0.00 no 3 months ago cd9a2c6e-802a-4f64-9f36-2ed44f0a937c
high codex executeTxWithPermits allows reentrant double-execution of the same transaction 0x471756ad2124b04dc1c5c364ee6a9e29f8c3f67a $0.00 no 3 months ago 48761642-a2bb-4ad0-8c2c-796509a9987b
critical codex Unprotected initializer enables full takeover and fund drain when not yet initialized 0xa9d1e08c7793af67e9d92fe308d5697fb81d3e43 $144,278,839.16 no 3 months ago 60ed7a90-3d7b-4616-abba-573f64440894
critical codex Unprotected v6 reinitializer allows arbitrary role assignment and escrow drain 0x07ddce60658a61dc1732cacf2220fce4a01c49b0 $0.54 no 3 months ago bcd4586e-de87-48ab-b48b-5b7155755114
critical codex Unprotected initializer allows attacker to seize signer set and drain funds if uninitialized 0x0d424072d658e6abd92c36f8fc16fd6479ae15a0 $0.00 no 3 months ago b7d05de1-6621-40c5-ac41-867be4e9149a
critical codex Unprotected initialize allows ownership takeover and collateral drain 0x817c51688c57ba79954e3063807128d61264acbf $0.00 no 3 months ago b83d9cb7-09ac-4e3f-afa9-1ff09b9e4430
critical codex Unprotected set_admin allows first caller to seize admin and drain all assets 0xb46adcd1ea7e35c4eb801406c3e76e76e9a46edf $120,653.61 no 3 months ago 328cd4c7-d76b-47a7-b167-78e3f540fc39
critical codex Balance overwrite in `trade()` enables margin inflation and token drain 0xe883b3efdae637fc599b467478a23199778f2ccf $0.00 no 3 months ago 3c0a61cc-d6d4-400c-9d03-c6477aef3dd7
high codex Replayable signed transactions (no nonce/used-hash tracking) allow repeated withdrawals 0x135bbbf1903c61fa25596ee4e27b8f14ed968c04 $123,361.40 no 3 months ago e55a7ac9-46dc-47cb-8fd2-309875709a55
high codex Plaintext answer exposure lets any EOA drain the full balance 0x821ab5215e7970480d1d9c145632e5c15d3b8bbb $0.00 no 3 months ago da09a895-da60-46f6-92dd-2d365b3161b9
high codex Reverted blocks keep stale pendingWithdrawCommits, enabling withdrawals from invalid transitions 0xf86fd6735f88d5b6aa709b357ad5be22cedf1a05 $124,833.69 no 3 months ago 7cf066a0-1657-4bcb-bb21-4badff1e973d
high codex Answer leakage via Start calldata lets anyone claim the full balance 0xa46c2b718adfff25098417ad0b5d208c832260b1 $0.00 no 3 months ago 021898af-49a7-4060-b9dc-ad1f1631fb5b
high codex First-depositor share inflation via pre-deposit donation (rounding allows value extraction from later deposits) 0x8e91d0c719d7d1c0e6cef764c2437744763f7283 $0.00 no 3 months ago 469feb27-7bd0-46d7-9fdc-ae3a5830bb40
medium codex Pending withdrawal fees are not reserved until claim, allowing LPs to reclaim them via instant redemption 0x8e91d0c719d7d1c0e6cef764c2437744763f7283 $0.00 no 3 months ago 767cc303-78e9-4eed-93ad-02ea1836c1d3
critical codex Unprotected initializer lets attacker seize governorship and sweep collateral 0xf296b1113cc49ae4c6890e7b5dd3bed780407487 $0.00 no 3 months ago a78d7adf-97d8-4219-b64c-a96e9aaf6364
critical codex Unprotected initializer lets attacker seize admin roles and drain borrowable stake 0xbe607a58206180fef691bf1b5ae9670174284388 $0.00 no 3 months ago 026f5e22-4c52-4371-8cca-df1aab8b9b96
high codex Reentrant token transfer allows repeated withdrawals before balance update 0x039fb002d21c1c5eeb400612aef3d64d49eb0d94 $0.00 no 3 months ago 9c711161-870e-44a5-9dec-202386f236a2
medium codex Blacklisted holders can still redeem underlying via requestRedeem/instantRedeem 0xf2cd14f02b4fdc0d26681fbc7f60a11b8378f96d $0.00 no 3 months ago f8c17a8c-6af1-4eab-9c8d-d6d4b5f9b4a8
critical codex Unprotected initialize enables full ownership takeover and fund drain 0x95ca2f7959f8848795dfb0868c1b0c59dd4e9330 $0.00 no 3 months ago 54a189c7-eb59-4516-a724-ee00cb577b26
critical codex Unprotected initializer lets anyone seize auctioneer role and upgrade to a draining master copy 0x2bae491b065032a76be1db9e9ecf5738afae203e $0.00 no 3 months ago 4b8be3d2-a217-469b-8019-21ef3302b0a8
high codex Unprotected auction initialization allows admin/wallet hijack and theft of sale tokens 0x364b7e2d5b11b9d2016d232fa271d89d5e6065f1 $0.00 no 3 months ago f737e1d0-6060-4221-9bb6-8d056f16705e
high codex Donation-based share inflation enables zero-share deposits and theft of subsequent deposits 0xace74f217aef8085f328cc1d73757d913b7eea39 $0.00 no 3 months ago ae144725-31b7-4efd-af05-6da20a974622
critical codex Unprotected initializer allows ownership takeover and full asset drain 0x0bc8c8212c0c74773671c4badb18999c2b07f3c6 $0.00 no 3 months ago caf881a5-f3a8-4b00-b6b0-31c41e3b5ede
critical codex LP tokens can be reused to claim settlement assets multiple times 0xf6a8e47daeeddcce297e7541523e27df2f167bf3 $0.00 no 3 months ago cc30122d-937e-4adf-b153-356118782e57
critical codex Unprotected initializer enables ownership takeover and ERC20 collateral drain 0x905d9368cf8a337c420bfb87705d2cdbb4e1c26a $0.00 no 3 months ago 454b8231-54e3-4154-96fc-ae4c5d6e8e6a
high codex Reentrant redeem can double-withdraw later assets in multi-token vault 0x1cb489ef513e1cc35c4657c91853a2e6ff1957de $0.00 no 3 months ago 8c5b2b5d-90da-42b1-a8ff-785f9a741c38
critical codex Anyone can seize governance when authorities/governanceContract are unset 0xc664692f38d2528710edbb74f65db6599bc7dee6 $0.00 no 3 months ago cb0e634a-87d9-4254-9a5c-e5cc62f645d9
critical codex Uninitialized deployment lets anyone become owner and drain all tokens 0xfc59ab348e0c0e789e914b0864f08cab98db1553 $0.00 no 3 months ago ff932ff9-2ce9-490b-9514-dd6f80ed85c1
high codex Anyone can reset the reentrancy guard via initializePoolV2, enabling reward inflation in deposit 0xfc59ab348e0c0e789e914b0864f08cab98db1553 $0.00 no 3 months ago ff932ff9-2ce9-490b-9514-dd6f80ed85c1
critical codex Unprotected initializer enables ownership/ISM takeover and forged mailbox messages to drain collateral 0x631953e16e8a57fc159e1fb1d92443c981b00770 $0.00 no 3 months ago 967eefc5-5d64-4367-893f-8979c65295be
critical codex trade() never updates currentBalances, enabling balance overwrite to mint margin 0xe883b3efdae637fc599b467478a23199778f2ccf $0.00 no 3 months ago 59e6c0db-cd2a-48a8-a2c9-c925486bfb0b
high codex Unprotected reinitializer enables ownership takeover and forged withdrawals 0x2ccd5486ea1b2a52dcd387c01314f6a328f66cbb $0.00 no 3 months ago ea503cad-40e9-45b2-b499-15207ca468f7
critical codex Unprotected initializer enables proxy hijack and arbitrary withdrawals 0xe80b4e0ed5e92d865f4708eee0e1564287a7d848 $0.00 no 3 months ago 3ca0b6ef-0a57-4afb-8a98-1b588ddcf7cd
high codex Unprotected initialize enables treasury hijack on uninitialized ATokenInstance 0xb2668573828029917ffbd1e76270373511818498 $0.00 no 3 months ago 1dde14e9-bcb7-465f-803b-2ce787c6e2d9
critical codex Unprotected migrateTo_3_3_0 lets attacker redirect USDC/USDT to a malicious interest implementation 0x8eb3b7d8498a6716904577b2579e1c313d48e347 $0.00 no 3 months ago 5373b42d-d0b8-4880-baf1-b7bff0ccb9fd