TW
Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings
2,205
crit 60 high 1157
All Findings
46,184
Across all runs
Chain
1
Mainnet focus
Signal Mix
24239
high severity in results
Findings
filter + triage
Reset
Quick filters: candidate lane confirmed only critical high detector codex
Severity Tool Title Address Value USD Validated Confirmed Found Run
low codex Division by zero in WRN reward math can block exits if totalMultiplier is zero 0x65c0dfbb89a35e3e514e0b02eca34ac2e3bbf7ef $0.00 no 3 months ago 1d8ee4e7-546b-49b6-a785-21b6dbd061e5
low codex Incorrect ceil_div overestimates exact divisions and can revert on large inputs 0x2fe16dd18bba26e457b7dd2080d5674312b026a2 $201,034.48 no 3 months ago 9648f11d-9f3c-4a68-980a-9cb3ee913d22
medium codex Auto‑liquidation signatures lack domain separation and replay protection 0xd8dfc66f21149dda5b6904b9c9bcf3c62db303cd $0.00 no 3 months ago cb0d0890-71b6-43c1-9e9b-faffab747a65
low codex Withdrawal lock can be bypassed by transferring vault tokens 0xd8dfc66f21149dda5b6904b9c9bcf3c62db303cd $0.00 no 3 months ago cb0d0890-71b6-43c1-9e9b-faffab747a65
info codex Unchecked ERC20 approve return value during migration 0xd8dfc66f21149dda5b6904b9c9bcf3c62db303cd $0.00 no 3 months ago cb0d0890-71b6-43c1-9e9b-faffab747a65
medium codex `report()` is reentrancy‑reachable before `strategyLastReport`/`lastReport` updates 0x349c996c4a53208b6eb09c103782d86a3f1bb57e $184,646.42 no 3 months ago 3434233f-be8f-4773-8512-d71d9cb934b3
low codex Share/accounting mismatch for fee‑on‑transfer or rebasing underlying tokens 0x349c996c4a53208b6eb09c103782d86a3f1bb57e $184,646.42 no 3 months ago 3434233f-be8f-4773-8512-d71d9cb934b3
medium codex Delegatecall to external OrderManager gives it full control of vault storage 0x6ac78b7d787b5ddde1b342a1346fb545acf44e01 $0.00 no 3 months ago 4a6f5ba6-2691-48c0-bd6e-c5c33012cb30
medium codex Unrestricted swap callback can spoof reserves and corrupt vault accounting 0x6ac78b7d787b5ddde1b342a1346fb545acf44e01 $0.00 no 3 months ago 4a6f5ba6-2691-48c0-bd6e-c5c33012cb30
medium codex Initializer is publicly callable (only guarded by isInitialized flag) 0xb95193fba71b82b245cb3456d1dd2c15ee779e01 $0.00 no 3 months ago 214e9e7c-7d46-4b18-968f-335f407b9ed8
medium codex Strategy reporting functions lack caller validation 0xf296b1113cc49ae4c6890e7b5dd3bed780407487 $0.00 no 3 months ago 32eb8a4e-dc98-43be-afb6-db26de4e26fb
low codex Allowance can be spent multiple times via reentrancy in transferFrom 0xf296b1113cc49ae4c6890e7b5dd3bed780407487 $0.00 no 3 months ago 32eb8a4e-dc98-43be-afb6-db26de4e26fb
info codex Implementation contract is initializable (not locked) 0xf296b1113cc49ae4c6890e7b5dd3bed780407487 $0.00 no 3 months ago 32eb8a4e-dc98-43be-afb6-db26de4e26fb
medium codex Oracle price freshness is not enforced, allowing stale prices 0x717170b66654292dfbd89c39f5ae6753d2ac1381 $196,976.04 no 3 months ago 1e6b6a15-2941-4d1e-8cea-d31117070bed
low codex Collateral withdrawal can skip ratio enforcement when computed ratio rounds to zero 0x717170b66654292dfbd89c39f5ae6753d2ac1381 $196,976.04 no 3 months ago 1e6b6a15-2941-4d1e-8cea-d31117070bed
medium codex Fee-on-transfer or rebasing assets break accounting and can create unbacked balances 0xf76a7887521a91b47c62060ba57549dec1dc88c7 $190,857.26 no 3 months ago 6a9f8fb4-2803-400f-a1bc-5e8206080eb7
medium codex Checkpointing after long gaps can permanently lock undistributed tokens 0xd3cf852898b21fc233251427c2dc93d3d604f3bb $195,411.19 no 3 months ago aae94f7c-836c-4390-a20d-a9e2f0e8a71c
low codex Resolver response and success are not validated before delegatecall 0xdfc0b0a0dc341b6c83267a0121d820f16d3e59c7 $192,990.51 no 3 months ago c9cd9a6d-1d93-4304-8e92-802c612866c8
info codex Implementation address is resolved via external resolver each call 0xdfc0b0a0dc341b6c83267a0121d820f16d3e59c7 $192,990.51 no 3 months ago c9cd9a6d-1d93-4304-8e92-802c612866c8
medium codex Opening fee deducted after collateral check allows undercollateralized borrows 0x98eb27e5f24fb83b7d129d789665b08c258b4ccf $200,096.48 no 3 months ago ef44eea5-4f3a-4284-83ee-696fedf14b96
low codex Unchecked ERC20 transfers in withdrawInterest/burn can silently fail 0x98eb27e5f24fb83b7d129d789665b08c258b4ccf $200,096.48 no 3 months ago ef44eea5-4f3a-4284-83ee-696fedf14b96
low codex ERC20 transfer return value unchecked in claim payout 0x97dfbff1e89eac4fb84a372d6a4ec9cf52225afb $200,308.58 no 3 months ago 9824b367-42cd-45ef-8a5b-28f569eddd3a
high codex Unprotected initializer lets anyone become OWNER_ROLE if initialization is front‑run or forgotten 0xbe607a58206180fef691bf1b5ae9670174284388 $0.00 no 3 months ago 1fa951b9-2131-457c-8c77-edb910fcb7c3
medium codex batchExecute reuses msg.value across delegatecalls, enabling protocol-fee inflation 0xa26e80e7dea86279c6d778d702cc413e6cffa777 $206,938.93 no 3 months ago 16d829c8-3cab-4cbb-9742-3289e5bd9a3d
low codex Unchecked ERC20 transfer return values in ZRX vault and reward payouts 0xa26e80e7dea86279c6d778d702cc413e6cffa777 $206,938.93 no 3 months ago 16d829c8-3cab-4cbb-9742-3289e5bd9a3d
low codex Strategy can be permanently bricked after total supply hits zero (division by zero on mint/burn paths) 0x3ae72b6f5fb854eaa2b2b862359b6fca7e4bc2fc $207,915.84 no 3 months ago dc874f74-a1be-495d-a37a-0a8993a903eb
low codex ERC20Permit does not enforce EIP-2 lower‑s / v range checks (signature malleability) 0x3ae72b6f5fb854eaa2b2b862359b6fca7e4bc2fc $207,915.84 no 3 months ago dc874f74-a1be-495d-a37a-0a8993a903eb
high codex NFT burn lacks ownership check, enabling destruction of others’ tokens 0xc36cf0cfcb5d905b8b513860db0cfe63f6cf9f5c $208,137.22 no 3 months ago 5ee92886-8335-43e3-bee9-4a7cb539a22c
medium codex Non‑fungible transfers accept arbitrary _value, breaking base‑type accounting 0xc36cf0cfcb5d905b8b513860db0cfe63f6cf9f5c $208,137.22 no 3 months ago 5ee92886-8335-43e3-bee9-4a7cb539a22c
low codex Signature verification allows malleable signatures and packed-encoding ambiguity 0xc36cf0cfcb5d905b8b513860db0cfe63f6cf9f5c $208,137.22 no 3 months ago 5ee92886-8335-43e3-bee9-4a7cb539a22c
medium codex Global deposit counter lets any user inflate withdrawal fees or block withdrawals 0xdfc61bae9ac44758bf3e08fd248f2f1561236b51 $235,386.10 no 3 months ago ec521ee3-e27c-458a-99dd-4f685b433233
info codex Hardcoded liquidity manager can arbitrarily move assets and grant withdrawal rights 0xcad22983d6e9336cfa1a604a4aaee6a40485f911 $201,770.61 no 3 months ago fdc96e56-7733-4245-94be-d45bb0bfa698
low codex renounceOwnership can be reversed by a previously nominated owner 0xaedcfcdd80573c2a312d15d6bb9d921a01e4fb0f $206,828.85 no 3 months ago a707eba1-cb00-477e-932b-94b34a323437
medium codex Share minting fully trusts external TVL oracle without internal sanity checks 0x7bb1a6b19e37028b3aa5c580339c640720e35203 $214,622.89 no 3 months ago 5c9136af-117b-4158-85c8-f4b226b611a7
medium codex Accounting assumes full transfer amounts (fee-on-transfer/rebasing tokens break invariants) 0x7bb1a6b19e37028b3aa5c580339c640720e35203 $214,622.89 no 3 months ago 5c9136af-117b-4158-85c8-f4b226b611a7
low codex removeToken can desync dynasetTokens and records when passed an unbound token 0x7bb1a6b19e37028b3aa5c580339c640720e35203 $214,622.89 no 3 months ago 5c9136af-117b-4158-85c8-f4b226b611a7
medium codex Fee-on-transfer/rebasing tokens can drain bridge liquidity due to using nominal amounts 0x4f52b41a778761bd2eea5b7b7ed8cbdaa02cef3e $174,151.93 no 3 months ago 75d8a698-68e2-466a-b2b2-8bd25824ece8
low codex Operator privileges persist after ownership transfer 0x7ffe1ec3b0733e6455c790c6bbf8579e9552566b $237,320.20 no 3 months ago 7450153f-7c91-4384-9071-59cc3b2b264a
medium codex Initializer can be seized if proxy/implementation is left uninitialized 0x2e1ce0f2ab6b61d5a3d1682a77496c4611860b57 $0.00 no 3 months ago 4e8c3a13-f737-4379-a32a-ef45951dc98f
low codex Fee-on-transfer tokens break pool accounting 0x2e1ce0f2ab6b61d5a3d1682a77496c4611860b57 $0.00 no 3 months ago 4e8c3a13-f737-4379-a32a-ef45951dc98f
high codex Unprotected initialize allows admin/votingEscrow takeover 0x8549ba7f483afb13b8321830d6f07f30f0a2f1de $222,172.27 no 3 months ago 09fa5a2e-f3b7-46e9-8b86-0a03ea86c5f7
medium codex Claiming can revert when weekly total supply is zero 0x8549ba7f483afb13b8321830d6f07f30f0a2f1de $222,172.27 no 3 months ago 09fa5a2e-f3b7-46e9-8b86-0a03ea86c5f7
low codex Token distribution truncates after >20 weeks of inactivity 0x8549ba7f483afb13b8321830d6f07f30f0a2f1de $222,172.27 no 3 months ago 09fa5a2e-f3b7-46e9-8b86-0a03ea86c5f7
critical codex Unprotected proxy initialization allows takeover of DutchExchange 0x039fb002d21c1c5eeb400612aef3d64d49eb0d94 $0.00 no 3 months ago f48b1e81-4fa5-4c5d-a3aa-b4088c28d8f0
high codex Reentrancy window in withdraw before balance update 0x039fb002d21c1c5eeb400612aef3d64d49eb0d94 $0.00 no 3 months ago f48b1e81-4fa5-4c5d-a3aa-b4088c28d8f0
medium codex Oracle validity flag ignored; invalid/stale prices still used 0x039fb002d21c1c5eeb400612aef3d64d49eb0d94 $0.00 no 3 months ago f48b1e81-4fa5-4c5d-a3aa-b4088c28d8f0
low codex Unchecked low-level call in PriceFeed.post 0x039fb002d21c1c5eeb400612aef3d64d49eb0d94 $0.00 no 3 months ago f48b1e81-4fa5-4c5d-a3aa-b4088c28d8f0
medium codex External rate oracles / ERC4626 conversion feed directly into pricing without sanity bounds 0xb92b054b9cc33685e7f8c3f85177c4b6dc061391 $218,596.43 no 3 months ago b59a118d-c397-45af-8d13-1ddf618b6695
low codex Negative rebases can underflow admin-fee accounting and brick pool 0xb92b054b9cc33685e7f8c3f85177c4b6dc061391 $218,596.43 no 3 months ago b59a118d-c397-45af-8d13-1ddf618b6695
low codex Fee-on-transfer tokens can underfund streams and break protocol revenue accounting 0xb10daee1fcf62243ae27776d7a92d39dc8740f95 $216,450.13 no 3 months ago 27a2f35d-e022-40b2-a099-eb4efd5f89c4