Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (Mainnet focus)
Signal Mix: 24239 high severity in results
Findings
filter + triage
Severity Tool Title Address Value USD Validated Confirmed Found Run
high codex Failed execTransaction still consumes tezosOperation, enabling gas‑griefing DoS and stuck unwraps 0x5dc76fd132354be5567ad617fd1fe8fb79421d82 $250,884.11 no 3 months ago 6d9075ea-e510-4702-8437-3a8481b449fa
medium codex execTransaction ignores return data, so ERC20 transfers that return false are treated as successful 0x5dc76fd132354be5567ad617fd1fe8fb79421d82 $250,884.11 no 3 months ago 6d9075ea-e510-4702-8437-3a8481b449fa
low codex Domain separator omits chainId, allowing cross‑chain signature replay 0x5dc76fd132354be5567ad617fd1fe8fb79421d82 $250,884.11 no 3 months ago 6d9075ea-e510-4702-8437-3a8481b449fa
medium codex Authorization uses tx.origin instead of msg.sender 0x089af8339c47cfbeab37d115325fc3d2b02f4a1e $231,828.32 no 3 months ago b3a1ceb2-01ee-4bdb-a95e-7486ad0194a2
high codex Unprotected initializer allows manager takeover if deployment is not atomic 0xb542d5cb34ef265fb87c170181127332f7797369 $0.00 no 3 months ago 57607431-8897-4c7e-aa5c-98624726087b
medium codex Fee-on-transfer/rebasing tokens break share accounting 0xf5bce5077908a1b7370b9ae04adc565ebd643966 $240,716.91 no 3 months ago 46cff257-db03-4435-9677-6bd04c33af53
high codex Unprotected initializer allows takeover of uninitialized AToken proxy 0x30d06a9a992473a6a5d8b54f56bf457fa020794d $0.00 no 3 months ago 4b4a6e13-aa21-49a9-b499-317b5b9e8f6e
low codex Permit signature malleability due to raw ecrecover 0x30d06a9a992473a6a5d8b54f56bf457fa020794d $0.00 no 3 months ago 4b4a6e13-aa21-49a9-b499-317b5b9e8f6e
medium codex MarketMakerProxy accepts zero SIGNER, allowing signature bypass with invalid signatures 0x4a14347083b80e5216ca31350a2d21702ac3650d $473,613.07 no 3 months ago f79cdfdf-c2a6-4381-8634-dcbefab1610e
high codex Public initializers enable proxy takeover if not called atomically 0x281aa2e0684439ed9fee12eff0d8ff346b755a39 $0.00 no 3 months ago 845cb09f-5c1f-4394-8c8b-28bd2c6cb69a
medium codex KRWT ownership can be reclaimed after renounce via initialize 0x281aa2e0684439ed9fee12eff0d8ff346b755a39 $0.00 no 3 months ago 845cb09f-5c1f-4394-8c8b-28bd2c6cb69a
low codex Fee validation uses OR, allowing invalid fees that break mint/withdraw math 0x281aa2e0684439ed9fee12eff0d8ff346b755a39 $0.00 no 3 months ago 845cb09f-5c1f-4394-8c8b-28bd2c6cb69a
info codex Proxy initializer updates name/symbol without updating EIP-712 domain 0x281aa2e0684439ed9fee12eff0d8ff346b755a39 $0.00 no 3 months ago 845cb09f-5c1f-4394-8c8b-28bd2c6cb69a
low codex Fee-on-transfer/rebasing ERC20s can break pool accounting 0xb419c2867ab3cbc78921660cb95150d95a94ce86 $238,551.59 no 3 months ago bbe6df07-a5d0-437c-95c1-fe533e32b67d
medium codex Permit DOMAIN_SEPARATOR is immutable; clone deployments allow cross-pair signature replay 0x7290367aa694703220516a35e68e3d339ee7d193 $0.00 no 3 months ago a63772f1-048a-4d9c-860a-5b89e63f052c
medium codex initialize is permissionless and can be front-run to hijack a pair 0x7290367aa694703220516a35e68e3d339ee7d193 $0.00 no 3 months ago a63772f1-048a-4d9c-860a-5b89e63f052c
low codex Protocol fee mints even when feeTo is unset, causing LP dilution 0x7290367aa694703220516a35e68e3d339ee7d193 $0.00 no 3 months ago a63772f1-048a-4d9c-860a-5b89e63f052c
high codex Unprotected initializer enables ownership takeover on uninitialized deployments 0xd928d07d9c2629ecd3f3b81685b27bd50383f028 $0.00 no 3 months ago 28c692cb-34be-4594-99b9-e4f1085a916a
high codex Withdrawals ignore locked collateral, enabling pool insolvency 0xb9ed94c6d594b2517c4296e24a8c517ff133fb6d $249,700.33 no 3 months ago 4512afe7-5f93-4201-92ac-099a73dc43a6
medium codex Chainlink price used without freshness/positivity checks 0xb9ed94c6d594b2517c4296e24a8c517ff133fb6d $249,700.33 no 3 months ago 4512afe7-5f93-4201-92ac-099a73dc43a6
low codex Unrestricted `poolApprove` lets anyone grant unlimited allowances from Facade 0xb9ed94c6d594b2517c4296e24a8c517ff133fb6d $249,700.33 no 3 months ago 4512afe7-5f93-4201-92ac-099a73dc43a6
medium codex Unprotected initializer allows takeover of uninitialized proxy or post-upgrade reinitialization 0x850e6306c2777e1a66b66680c7999240e7d312bf $0.00 no 3 months ago d07213c7-d170-4ec7-9a2f-5a0a3c2a27d3
medium codex Votes are not reduced when stake is withdrawn, enabling vote‑reuse if withdrawals occur before proposal end 0x91e0fed1816f96652394423479537da3a4cdc929 $244,679.78 no 3 months ago e6a9694d-1da0-4b2d-a150-5c28b1f8078a
low codex Zero‑vote proposals cannot be tallied due to division by zero 0x91e0fed1816f96652394423479537da3a4cdc929 $244,679.78 no 3 months ago e6a9694d-1da0-4b2d-a150-5c28b1f8078a
low codex Off‑by‑one proposal IDs cause event IDs to point to the wrong proposal 0x91e0fed1816f96652394423479537da3a4cdc929 $244,679.78 no 3 months ago e6a9694d-1da0-4b2d-a150-5c28b1f8078a
medium codex Swap pricing fully trusts external oracle output (no invariant check) 0x8b0bb0d0d8b3d83ebb7c1b49d79d74df396634c6 $246,476.88 no 3 months ago 7f435b0b-07c9-42c2-8634-81c9a806bf16
low codex Pair initialization can be called multiple times by the factory 0x8b0bb0d0d8b3d83ebb7c1b49d79d74df396634c6 $246,476.88 no 3 months ago 7f435b0b-07c9-42c2-8634-81c9a806bf16
low codex Permit signatures are malleable (no EIP‑2 `s`/`v` checks) 0x8b0bb0d0d8b3d83ebb7c1b49d79d74df396634c6 $246,476.88 no 3 months ago 7f435b0b-07c9-42c2-8634-81c9a806bf16
medium codex Oracle price feeds directly set strike/premium/exercise costs without added integrity checks 0x8abf5358a88ca2586635d646aaaff172572fb0ed $0.00 no 3 months ago 3cda34f9-1fd9-4a06-ad4d-43dfafce2985
low codex RFQ/mint options lack strike/expiry validation, enabling underflow and unexercisable options 0x8abf5358a88ca2586635d646aaaff172572fb0ed $0.00 no 3 months ago 3cda34f9-1fd9-4a06-ad4d-43dfafce2985
medium codex Unchecked ERC20 return values allow silent failures and loss on redeem 0x4809010926aec940b550d34a46a52739f996d75d $254,732.60 no 3 months ago bda9f9dc-1008-4ba4-9734-24de3e36a576
low codex Unchecked ERC20 transfer return value can silently fail and skew vesting behavior 0x953c32158602e9690c6e86b94b230b5951b51a73 $250,000.00 no 3 months ago a960024e-2b54-4060-916f-c51d68cfaf24
medium codex Blacklist can be bypassed via allowance-based redemption/claims 0xf2cd14f02b4fdc0d26681fbc7f60a11b8378f96d $0.00 no 3 months ago cae98014-97ad-4a90-995b-7a0ce222c6b0
low codex External asset change limit can be bypassed when values are <1 0xf2cd14f02b4fdc0d26681fbc7f60a11b8378f96d $0.00 no 3 months ago cae98014-97ad-4a90-995b-7a0ce222c6b0
low codex Fee-on-transfer or rebasing tokens break staking/reward accounting and can zero out user rewards 0xb1f131437e314614313aab3a3016fa05c1b0e087 $255,379.10 no 3 months ago 368dc22a-e2f4-4de7-b6ef-d1be70122119
info codex Initializer is publicly callable if deployed/left uninitialized 0xb1f131437e314614313aab3a3016fa05c1b0e087 $255,379.10 no 3 months ago 368dc22a-e2f4-4de7-b6ef-d1be70122119
medium codex Minting ignores actual received underlying, enabling undercollateralization with fee-on-transfer tokens 0x7ea2be2df7ba6e54b1a9c70676f668455e329d29 $253,816.35 no 3 months ago 0c565d08-f42f-431c-9f44-84e9a2ba2c0c
low codex Recipient guard uses OR, allowing transfers to zero or self and locking funds 0x7ea2be2df7ba6e54b1a9c70676f668455e329d29 $253,816.35 no 3 months ago 0c565d08-f42f-431c-9f44-84e9a2ba2c0c
info codex Owner can execute arbitrary external calls (multicall) 0x5f5aca1da12fa906fe2d9cbfcee284ae18b40e08 $270,940.00 no 3 months ago 10f2851f-10fd-400c-94e2-4f0602fb8ced
high codex Initializer can be called by anyone before owners are set 0x95ca2f7959f8848795dfb0868c1b0c59dd4e9330 $0.00 no 3 months ago e566fdea-a7ec-4850-8cb6-a61d047e3f9d
medium codex External call failures consume nonce and can mask failed token transfers 0x95ca2f7959f8848795dfb0868c1b0c59dd4e9330 $0.00 no 3 months ago e566fdea-a7ec-4850-8cb6-a61d047e3f9d
low codex Signed message lacks chain/domain separation (cross-chain replay risk) 0x95ca2f7959f8848795dfb0868c1b0c59dd4e9330 $0.00 no 3 months ago e566fdea-a7ec-4850-8cb6-a61d047e3f9d
medium codex Fee-on-transfer tokens can be over-credited during transit 0xc8c1b41713761281a520b7ad81544197bc85a4ce $314,551.19 no 3 months ago ecbd4a63-528c-4904-a826-66055a86935c
medium codex Withdrawal signatures lack domain separation, enabling cross-contract/chain replay 0xc8c1b41713761281a520b7ad81544197bc85a4ce $314,551.19 no 3 months ago ecbd4a63-528c-4904-a826-66055a86935c
low codex Signer can be set to zero address, weakening signature validation 0xc8c1b41713761281a520b7ad81544197bc85a4ce $314,551.19 no 3 months ago ecbd4a63-528c-4904-a826-66055a86935c
low codex Fee-on-transfer tokens break pool accounting and allow value extraction 0xf08d4dea369c456d26a3168ff0024b904f2d8b91 $286,377.62 no 3 months ago 2cd84221-a81a-485d-a866-8346329f1cca
medium codex Fee-on-transfer tokens break accounting and allow excess LP minting 0x965cc658158a7689fbb6c4df735aa435c500c29b $0.00 no 3 months ago 15ac169e-dc7f-43ef-b03e-7068b7fd1271
medium codex Cached yToken balances let new LPs capture unaccounted yield 0x965cc658158a7689fbb6c4df735aa435c500c29b $0.00 no 3 months ago 15ac169e-dc7f-43ef-b03e-7068b7fd1271
low codex initialize is reusable and mints LP tokens at a fixed 1:1 rate 0x965cc658158a7689fbb6c4df735aa435c500c29b $0.00 no 3 months ago 15ac169e-dc7f-43ef-b03e-7068b7fd1271
medium codex Quorum approvals do not bind action parameters, allowing last signer to choose arbitrary values 0x0629c8153eb19fb19b44dff1804fad66360a5441 $291,419.55 no 3 months ago 32a97564-7bf6-471b-b139-f8c4b61428d3