Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (Mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
low codex ERC20 transfer return values are unchecked 0x0629c8153eb19fb19b44dff1804fad66360a5441 $291,419.55 no 3 months ago 32a97564-7bf6-471b-b139-f8c4b61428d3
low codex Quota revenue can be modified by any credit manager 0x0eecbdbf7331b8a50fcd0bf2c267bf47bd876054 $283,852.54 no 3 months ago 2471907b-e113-4c7f-8946-ea0343735370
high codex Unrestricted initializer allows proxy takeover if not initialized atomically 0x30d06a9a992473a6a5d8b54f56bf457fa020794d $0.00 no 3 months ago 0589f940-a7f8-42a6-985f-77e5f0b4e9ab
low codex sellAsset does not enforce the caller’s maxAmount after fee/rounding adjustments 0x7dadf78d641f7ad327aeb0f71e97b6229345eca4 $0.00 no 3 months ago 9707eaa0-327d-4499-891d-f96c86f59835
high codex Delegatecall into adapter grants full vault control if adapter is compromised or upgradeable 0x7a477d6570386e2b9d0f14d03bd976b0c68b94b9 $0.00 no 3 months ago 0bcec04f-71c6-45e6-b451-df0c2c08db21
medium codex Initializer can be front‑run if deployment does not initialize atomically 0x7a477d6570386e2b9d0f14d03bd976b0c68b94b9 $0.00 no 3 months ago 0bcec04f-71c6-45e6-b451-df0c2c08db21
low codex Implementation contract not locked against initialization 0x37555f2e573b7d84fe0a09365d3a443509e0f645 $0.00 no 3 months ago 9fa9421d-55fc-4a1c-bd24-abcb9b4c1d7e
low codex Old TSS retains PAUSER_ROLE after TSS rotation 0x37555f2e573b7d84fe0a09365d3a443509e0f645 $0.00 no 3 months ago 9fa9421d-55fc-4a1c-bd24-abcb9b4c1d7e
low codex Liquidation path does not update tokenDebts, drifting debt-limit accounting 0xb1cff81b9305166ff1efc49a129ad2afcd7bcf19 $328,591.09 no 3 months ago 97545a90-9bde-4620-9d97-4cdb67b2e665
low codex Legacy forwarder lacks payload-size checks after deprecation 0xdac17f958d2ee523a2206206994597c13d831ec7 $2,253,681.15 no 3 months ago 2b376d5a-7463-439f-990e-2ac02e70a615
medium codex Permissionless closeRound can bypass burning unsold oTokens 0x9a056f0040e1e84245bd7a79ed580ff1b1c44e95 $0.00 no 3 months ago 9d3c7d85-a3b0-4002-a5b2-7bb992cf7219
medium codex Fee collection can render refunds insolvent during the refund window 0x984f7dbd76286a9ce4c68ac84bb098c5fff3ed62 $0.00 no 3 months ago 73252535-2ea1-4a23-a722-3f8641951082
low codex Implementation contract is not locked against direct initialization 0x984f7dbd76286a9ce4c68ac84bb098c5fff3ed62 $0.00 no 3 months ago 73252535-2ea1-4a23-a722-3f8641951082
low codex Refund receiver can drain refund tokens at any time 0x984f7dbd76286a9ce4c68ac84bb098c5fff3ed62 $0.00 no 3 months ago 73252535-2ea1-4a23-a722-3f8641951082
low codex Privileged SELFDESTRUCT path (kill switch) present 0x828ae1566824a9835acb6f565e1e9ea22bfb883a $514,844.47 no 3 months ago acebfaeb-b1a5-4870-be13-af98cd1e9636
medium codex Accounting assumes full ERC20 transfers; fee‑on‑transfer/rebasing tokens can mint excess cpTokens or underpay debt 0x2e1ce0f2ab6b61d5a3d1682a77496c4611860b57 $0.00 no 3 months ago 34a90f5f-1d83-49d7-99ca-888574976d6b
medium codex Unrestricted initializer lets first caller become factory if initialization is not atomic 0x2e1ce0f2ab6b61d5a3d1682a77496c4611860b57 $0.00 no 3 months ago 34a90f5f-1d83-49d7-99ca-888574976d6b
high codex Upgradeable proxy can be taken over if not initialized atomically 0x0e6590f64a82cbc838b2a087281689de1a5bc8e0 $0.00 no 3 months ago 0f2dae3b-fa8e-4cc8-9793-fb705919c460
low codex Dispute deposit accounting assumes full transfer, risking permanent dispute lock with fee-on-transfer tokens 0x0e6590f64a82cbc838b2a087281689de1a5bc8e0 $0.00 no 3 months ago 0f2dae3b-fa8e-4cc8-9793-fb705919c460
low codex `tx.origin` allows bypassing operator-only claim policy 0x0e6590f64a82cbc838b2a087281689de1a5bc8e0 $0.00 no 3 months ago 0f2dae3b-fa8e-4cc8-9793-fb705919c460
high codex Initializer chaining uses `initializer` on parent functions, causing init revert and enabling role takeover/DoS 0xc616eaf17c5e3349c1fa493459494bb4dd0fd788 $0.00 no 3 months ago 2deaa8fd-acba-426c-b3ce-676760114af5
medium codex Fee-on-transfer ERC20s over-credit deposits, breaking accounting 0xc616eaf17c5e3349c1fa493459494bb4dd0fd788 $0.00 no 3 months ago 2deaa8fd-acba-426c-b3ce-676760114af5
high codex Initializer callable by anyone can set owner if not initialized 0x5018cc0d628fb322b2a040cfcd269a36c60b1538 $0.00 no 3 months ago f0cc17b9-48e1-4232-bd71-d421f424b320
low codex ERC20 transferFrom return value not checked 0x5018cc0d628fb322b2a040cfcd269a36c60b1538 $0.00 no 3 months ago f0cc17b9-48e1-4232-bd71-d421f424b320
critical codex Unprotected initializer allows proxy takeover 0x2bae491b065032a76be1db9e9ecf5738afae203e $0.00 no 3 months ago a05c4fac-ff2e-4d67-b086-539db9c0a0b3
medium codex External FRT mint before state updates enables reentrancy in claim flows 0x2bae491b065032a76be1db9e9ecf5738afae203e $0.00 no 3 months ago a05c4fac-ff2e-4d67-b086-539db9c0a0b3
medium codex Unverified keeper-supplied currentBalance drives pricePerShare and locked accounting 0xd912325c960f1a6276f1e905d2f7715bd3d5c06d $346,166.04 no 3 months ago 44965f42-5493-4803-b5d3-c3ecb3a30541
low codex Deposits credit the requested amount before transfer, allowing fee-on-transfer tokens to inflate shares 0xd912325c960f1a6276f1e905d2f7715bd3d5c06d $346,166.04 no 3 months ago 44965f42-5493-4803-b5d3-c3ecb3a30541
medium codex borrowBehalf lacks reentrancy guard, enabling nested calls during underlying transfer 0xefdf5ccc12d8cff4a7ed4e421b95f8f69cf2f766 $0.00 no 3 months ago e861a905-892a-48df-87c8-ed66476df752
low codex Reward claims update state after transfer, allowing reentrant double-claims with hook-enabled tokens 0xefdf5ccc12d8cff4a7ed4e421b95f8f69cf2f766 $0.00 no 3 months ago e861a905-892a-48df-87c8-ed66476df752
low codex Bootstrap mint can zero out first depositor shares 0x79400a2c9a5e2431419cac98bf46893c86e8bdd7 $347,747.31 no 3 months ago 84ff0dad-46bd-4cdc-a575-0515acc1b2bd
high codex Unprotected initialization enables auction takeover if not initialized atomically 0x364b7e2d5b11b9d2016d232fa271d89d5e6065f1 $0.00 no 3 months ago d49d2b94-52b3-40cd-ba7d-b3d971c536fe
medium codex Debt > credit underflow can brick totalAssets and withdrawals 0xfd6db5011b171b05e1ea3b92f9eacaeeb055e971 $362,528.08 no 3 months ago b806a3f0-ce94-4e32-977e-bb6d911ba46b
low codex Chainlink answeredInRound not checked in price fetch 0xfd6db5011b171b05e1ea3b92f9eacaeeb055e971 $362,528.08 no 3 months ago b806a3f0-ce94-4e32-977e-bb6d911ba46b
medium codex Uninitialized clones allow anyone to pass onlyOwner/ownerOrRoller checks 0x49c431454c40ecbf848096f2753b2abc3a699a10 $0.00 no 3 months ago d1e28cbb-a34f-4498-94e3-2391c9e61ac5
medium codex adjust() trusts caller-supplied collateral amount, enabling undercollateralized minting with fee-on-transfer tokens 0x49c431454c40ecbf848096f2753b2abc3a699a10 $0.00 no 3 months ago d1e28cbb-a34f-4498-94e3-2391c9e61ac5
low codex ERC20 transfer/transferFrom return values are unchecked 0x49c431454c40ecbf848096f2753b2abc3a699a10 $0.00 no 3 months ago d1e28cbb-a34f-4498-94e3-2391c9e61ac5
medium codex Unprotected initializer allows takeover of uninitialized proxy modules 0x04ead25447f9371c5c1e2c33645f32aafeb337dc $0.00 no 3 months ago 4fbb62c4-4aab-4014-9fcc-2c357684d5a5
medium codex Shares minted on nominal deposit amount allow inflation with fee-on-transfer/rebasing tokens 0xace74f217aef8085f328cc1d73757d913b7eea39 $0.00 no 3 months ago f114d8d4-0fbe-4ad5-b83e-757493d1dc7d
low codex doHardWorkWithoutRebalance resets totalInvested, breaking accounting and fee calculations 0xace74f217aef8085f328cc1d73757d913b7eea39 $0.00 no 3 months ago f114d8d4-0fbe-4ad5-b83e-757493d1dc7d
low codex Upgrade scheduling lacks validation of implementation address 0xace74f217aef8085f328cc1d73757d913b7eea39 $0.00 no 3 months ago f114d8d4-0fbe-4ad5-b83e-757493d1dc7d
medium codex Fee-on-transfer/rebasing tokens can desync accounting and make withdrawals insolvent 0x38d43a6cb8da0e855a42fb6b0733a0498531d774 $321,629.01 no 3 months ago 4d2430de-9b62-4280-b240-500b58b1688c
high codex Unprotected initialize allows ownership takeover 0x0bc8c8212c0c74773671c4badb18999c2b07f3c6 $0.00 no 3 months ago 4bfc085c-4949-4583-ba5f-ccaa37b0cce6
high codex Signed execution appears replayable (no nonce/used-hash storage) 0x3ef1c8133d80665ec873ac41e152dda3251a7606 $389,012.80 no 3 months ago c73bdf6c-5147-4fd5-ad47-f180be523585
medium codex Slot0 can be set by anyone if it is zero (initializer-style bypass) 0x3ef1c8133d80665ec873ac41e152dda3251a7606 $389,012.80 no 3 months ago c73bdf6c-5147-4fd5-ad47-f180be523585
low codex ECDSA malleability not checked (no v/s validation) 0x3ef1c8133d80665ec873ac41e152dda3251a7606 $389,012.80 no 3 months ago c73bdf6c-5147-4fd5-ad47-f180be523585
medium codex Auto-accept uses unadjusted bid amount and skips bid validation 0xe5bfab544eca83849c53464f85b7164375bdaac1 $394,848.32 no 3 months ago 3fa187e1-76d0-4757-95f2-cd89d189d08b
medium codex Batch liquidations use potentially stale prices/interest for eligibility checks 0xefdf5ccc12d8cff4a7ed4e421b95f8f69cf2f766 $0.00 no 3 months ago 882b3f33-ba07-4c93-8fb6-781332075158
medium codex Reentrant reward claims can double-spend `rewardTokenAccrued` 0xefdf5ccc12d8cff4a7ed4e421b95f8f69cf2f766 $0.00 no 3 months ago 882b3f33-ba07-4c93-8fb6-781332075158
medium codex Initializer callable by anyone if proxy is left uninitialized 0xd899ac9283a44533c36bc8373f5c898b0d5fc03e $0.00 no 3 months ago b479bfda-eb37-43d5-85e2-1aa5c65f698f