Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (Mainnet focus)
Signal Mix: 24239 (high severity in results)
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
critical codex Unrestricted external initializer delegatecall enables proxy takeover and fund drain 0x8a4e51ff0f2a45899519e6049fb2d1f038be1e77 $0.00 no 3 months ago 8be6354b-23eb-41af-b543-f567f3434f60
low codex Unchecked low-level CALL return value in external call helper 0xe6c185e666f805001744a37ed709431caff8ad62 $149,509.82 no 3 months ago f647bb59-39e9-4a04-ae07-3770254f3a02
critical codex Multicall delegatecalls let callers spoof immutable args (token addresses/scales), enabling asset drainage 0xad24fc773e125edb223c38a39657cb64bc7c178e $152,873.52 no 3 months ago 0b182317-6fc8-49be-9b05-708e9dfa9460
low codex `initialize` is permissionless and can be front‑run 0xad24fc773e125edb223c38a39657cb64bc7c178e $152,873.52 no 3 months ago 0b182317-6fc8-49be-9b05-708e9dfa9460
medium codex Share inflation via donations can force zero-share mints and steal deposits 0x597ad1e0c13bfe8025993d9e79c69e1c0233522e $147,885.30 no 3 months ago caf2eb8b-4431-40aa-b249-a01dc82d0abe
medium codex Claims allowed before distribution finalization can overpay early claimers and underpay others 0x2fc945d48a4d61ec988f8cabffbe6f1efe07137f $155,582.60 no 3 months ago 3f2d111a-7816-44d3-96e0-e2fb4bbf15b1
low codex Unchecked ERC20 transfer return value can mark claims as paid without transferring 0x2fc945d48a4d61ec988f8cabffbe6f1efe07137f $155,582.60 no 3 months ago 3f2d111a-7816-44d3-96e0-e2fb4bbf15b1
low codex Balance-delta accounting breaks for rebasing/deflationary tokens 0x2fc945d48a4d61ec988f8cabffbe6f1efe07137f $155,582.60 no 3 months ago 3f2d111a-7816-44d3-96e0-e2fb4bbf15b1
high codex Initializer callable by anyone enables takeover of uninitialized proxy 0x04ead25447f9371c5c1e2c33645f32aafeb337dc $0.00 no 3 months ago f87396ab-be81-49d8-86db-2ad77e0251d8
medium codex Rebalances lack on-chain oracle deviation checks; price manipulation can skew liquidity mint/burn amounts 0x04ead25447f9371c5c1e2c33645f32aafeb337dc $0.00 no 3 months ago f87396ab-be81-49d8-86db-2ad77e0251d8
medium codex Pool shutdown ignores failed gauge withdrawals, risking permanent LP lock 0x27921a5cc29b11176817bbf5d6bad83830f71555 $151,856.91 no 3 months ago b912235e-edd4-44f6-a11e-2efc7ec4cf2e
low codex EIP-1271 signature validation ignores signature bytes and relies solely on preapproved hashes 0x27921a5cc29b11176817bbf5d6bad83830f71555 $151,856.91 no 3 months ago b912235e-edd4-44f6-a11e-2efc7ec4cf2e
medium codex Rollover can be bricked by non-zero allowances due to safeApprove usage 0xb380162a6a68f37b07503ba1543d0e623bd81c3c $0.00 no 3 months ago 87395c2a-feff-4e13-a7b4-1e8f47140792
medium codex Share pricing and rollovers rely on untrusted IMM price conversions 0xb380162a6a68f37b07503ba1543d0e623bd81c3c $0.00 no 3 months ago 87395c2a-feff-4e13-a7b4-1e8f47140792
low codex Deposits credit the requested amount instead of the actual received amount 0xb380162a6a68f37b07503ba1543d0e623bd81c3c $0.00 no 3 months ago 87395c2a-feff-4e13-a7b4-1e8f47140792
medium codex Unprotected initializer lets anyone set an arbitrary interest rate (can DoS or misconfigure pools) 0x37d3a44c905663d7b77c9b574b941d4fbf713a91 $157,747.39 no 3 months ago 6bce16a7-166b-4e6e-9125-80042db25735
low codex ERC20 transfer return values are ignored in multiple flows 0x6bf15a530314d80baa5560539d7f327f3dbe0eec $0.00 no 3 months ago f38f9d46-f7d2-43c8-86c7-36df1df3905a
medium codex Blacklist bypass allows blacklisted holders to redeem/withdraw via requestRedeem or third-party instantRedeem 0x8e91d0c719d7d1c0e6cef764c2437744763f7283 $0.00 no 3 months ago c90b2943-76a6-46ae-b0e5-9947bd96c023
low codex Batch claim processing does not clear fee component from daily requirements 0x8e91d0c719d7d1c0e6cef764c2437744763f7283 $0.00 no 3 months ago c90b2943-76a6-46ae-b0e5-9947bd96c023
high codex Unprotected initialize lets anyone set pool interest rate 0xa2ffdc7efef98469d11370d91c0a17dc83ec2bda $161,822.91 no 3 months ago 006ad5b9-da71-47b0-b31d-5bb56d063f46
medium codex Interest accrual can revert for high rate * elapsed, freezing the pool 0xa2ffdc7efef98469d11370d91c0a17dc83ec2bda $161,822.91 no 3 months ago 006ad5b9-da71-47b0-b31d-5bb56d063f46
medium codex Unchecked JPGD transfers and 1:1 accounting enable balance desync with non-standard/fee tokens 0x05fc48447e0ac445042823dd36e3e4ed2ffdf6cb $162,389.70 no 3 months ago f76b99f1-db73-4dfa-bc73-036c64ae0326
low codex Owner-controlled vesting start can indefinitely lock staked JPGD after snapshot 0x05fc48447e0ac445042823dd36e3e4ed2ffdf6cb $162,389.70 no 3 months ago f76b99f1-db73-4dfa-bc73-036c64ae0326
low codex Owner can withdraw any token, breaking solvency for stakers/claimants 0x05fc48447e0ac445042823dd36e3e4ed2ffdf6cb $162,389.70 no 3 months ago f76b99f1-db73-4dfa-bc73-036c64ae0326
medium codex Blacklist bypass via redeem paths and approvals 0x8e91d0c719d7d1c0e6cef764c2437744763f7283 $0.00 no 3 months ago 7495aa02-8383-422c-8c74-0b63f8a7ce90
high codex Public supply functions let anyone move assets off the tracked provider, blocking withdrawals 0x83f798e925bcd4017eb265844fddabb448f1707d $159,466.24 no 3 months ago 25b64c9e-a9a5-474a-8faf-8e739aace6ae
medium codex Deposit can mint zero shares when pool>0 and totalSupply==0, permanently bricking new deposits 0x83f798e925bcd4017eb265844fddabb448f1707d $159,466.24 no 3 months ago 25b64c9e-a9a5-474a-8faf-8e739aace6ae
medium codex Signatures lack domain separation, enabling cross-contract/chain replay 0x717d0bf97ce58e14945f5e0320ee98381aeaddaf $0.00 no 3 months ago 0815ab6e-ac94-48f3-9332-fc564f6cd817
low codex Upgradeable implementation can be initialized directly 0x717d0bf97ce58e14945f5e0320ee98381aeaddaf $0.00 no 3 months ago 0815ab6e-ac94-48f3-9332-fc564f6cd817
medium codex Deposits credit the requested amount without verifying actual tokens received 0xb67d637b1301eeb56dba4555bbd15cd220f1aad6 $30,160.48 no 3 months ago fb8fd757-6def-433f-8414-4c2b5d1995b5
low codex Anyone can claim orders and choose the USD payout token, enabling bonus denial/griefing 0xb67d637b1301eeb56dba4555bbd15cd220f1aad6 $30,160.48 no 3 months ago fb8fd757-6def-433f-8414-4c2b5d1995b5
low codex Staking credits ignore actual received amount (fee-on-transfer token risk) 0xa17a8883da1abd57c690df9ebf58fc194edab66f $169,260.67 no 3 months ago f1cbd233-45c0-4ebf-9340-b7ed9fe4bae0
low codex Reward schedule can be set using staked principal or accrued rewards as backing 0xa17a8883da1abd57c690df9ebf58fc194edab66f $169,260.67 no 3 months ago f1cbd233-45c0-4ebf-9340-b7ed9fe4bae0
medium codex First oracle update ignores PERIOD, enabling short-window price manipulation 0x9dd78ea2b7a92b6cb5d4a495dac34f8641070ceb $169,604.82 no 3 months ago a386b194-baf5-428b-9962-3a89e8adeeb2
low codex Pair can be reinitialized by factory after deployment 0x9dd78ea2b7a92b6cb5d4a495dac34f8641070ceb $169,604.82 no 3 months ago a386b194-baf5-428b-9962-3a89e8adeeb2
low codex Burn parameter order inconsistent between interface/documentation and implementation 0x9dd78ea2b7a92b6cb5d4a495dac34f8641070ceb $169,604.82 no 3 months ago a386b194-baf5-428b-9962-3a89e8adeeb2
low codex Oracle update can divide by zero on first call in the same block as creation 0x9dd78ea2b7a92b6cb5d4a495dac34f8641070ceb $169,604.82 no 3 months ago a386b194-baf5-428b-9962-3a89e8adeeb2
high codex Unprotected initializer lets any caller take ownership of distribution parameters 0x9cd8d3c4380ab48d7cca425e34166efd2147ee40 $165,983.33 no 3 months ago 4b6d808e-caa6-4fa9-9cd9-5efbcbdeeda0
medium codex setToken is unrestricted and can be front‑run to brick or redirect the distribution 0x9cd8d3c4380ab48d7cca425e34166efd2147ee40 $165,983.33 no 3 months ago 4b6d808e-caa6-4fa9-9cd9-5efbcbdeeda0
medium codex Underflow in balance cap check blocks tokens with <9 decimals 0xf92cd566ea4864356c5491c177a430c222d7e678 $172,958.15 no 3 months ago 882ae0e9-fd6a-4ceb-881d-f1d42a224906
medium codex LPToDOKI.withdraw updates balances after external token transfer 0xde846827ce3022ecd5efd6ed316a2def9ab299b8 $177,058.38 no 3 months ago 8696931a-1274-4227-8ddf-d43b9eb04167
medium codex Privileged address can selfdestruct the contract 0x0401b3e1f554b574da26482311dfb9414e382afa $177,290.18 no 3 months ago d295e25c-e0df-4ff8-a962-da094f11ac94
medium codex Privileged address can perform arbitrary external calls with value 0x0401b3e1f554b574da26482311dfb9414e382afa $177,290.18 no 3 months ago d295e25c-e0df-4ff8-a962-da094f11ac94
low codex Withdrawal cooldown bypassable via LP token transfers 0xa92299289361fdcbb4ce9acbb512a84bd5fab37d $0.00 no 3 months ago 09655295-9ca8-4866-aeae-e0cd31e478e3
info codex LP token admin can grant VAULT_ROLE and mint unbacked shares 0xa92299289361fdcbb4ce9acbb512a84bd5fab37d $0.00 no 3 months ago 09655295-9ca8-4866-aeae-e0cd31e478e3
medium codex Pool initialization is permissionless and can be front-run 0x78d43a889f42a344fe98c3fb9455791dc8178d55 $0.00 no 3 months ago 9a608d87-4d7f-4721-8bdf-dd60e7f10e20
low codex Permit domain separator is cached without chainId check, enabling fork replay 0x78d43a889f42a344fe98c3fb9455791dc8178d55 $0.00 no 3 months ago 9a608d87-4d7f-4721-8bdf-dd60e7f10e20
low codex Non-expiring campaigns cannot be clawed back when protocol fee is zero 0xac48cfe22c21d85b488dfbfbc4e94279b7c84a37 $180,652.75 no 3 months ago 7274b3df-d91b-4045-b726-0de8607e38de
low codex Unchecked ERC20 transfer return value (silent failures possible) 0x22cb7c436decc35542c8599c7f0b6a0b7c609371 $67,385.05 no 3 months ago 28beba35-69fc-4696-bdc3-790cf8022029
medium codex Reentrant exit can double-withdraw a lockup via claimBonus external transfer 0x65c0dfbb89a35e3e514e0b02eca34ac2e3bbf7ef $0.00 no 3 months ago 1d8ee4e7-546b-49b6-a785-21b6dbd061e5