Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
medium codex Oracle price is trusted without validation or bounds 0xf6a8e47daeeddcce297e7541523e27df2f167bf3 $0.00 no 3 months ago 90afe0c9-12a0-47b2-82ff-b59e5a092a6a
low codex Internal balance accounting breaks for fee-on-transfer or rebasing tokens 0xf6a8e47daeeddcce297e7541523e27df2f167bf3 $0.00 no 3 months ago 90afe0c9-12a0-47b2-82ff-b59e5a092a6a
low codex Unrestricted time manipulation if a test Timer is configured 0xe1ee8d4c5dba1c221840c08f6cf42154435b9d52 $549,207.35 no 3 months ago d86b5759-8ecf-4c17-8bea-30bd5b9c6e60
medium codex initialize does not assign Ownable ownership to initialOwner 0x10c203fbfa80bb0855b615ba07ae5d001dcf2c1e $0.00 no 3 months ago 6c2f6309-b97c-4bb2-a53e-842ec90002c1
medium codex Reimbursement calculation relies on manipulable Uniswap V2 spot reserves 0x10c203fbfa80bb0855b615ba07ae5d001dcf2c1e $0.00 no 3 months ago 6c2f6309-b97c-4bb2-a53e-842ec90002c1
low codex Unchecked ERC20 return values for approve/mint 0x10c203fbfa80bb0855b615ba07ae5d001dcf2c1e $0.00 no 3 months ago 6c2f6309-b97c-4bb2-a53e-842ec90002c1
high codex onlyL2Bridge fails open when messenger wrapper is unset or non-contract 0x3666f603cc164936c1b87e207f36beba4ac5f18a $538,298.12 no 3 months ago d486ca60-71f4-4936-9bef-5d94fbca5fdd
high codex Initializer callable after constructor enables ownership takeover on non-atomic deployments 0x8cfec459f62055ed3104a577c6613522c10b55c4 $0.00 no 3 months ago b204c673-73d8-4a76-b490-0df979244afc
high codex Withdraw/redeem always revert due to double nonReentrant in yTHOR overrides 0x8793cd69895c45b2d2474236b3cb28fc5c764775 $263,485.84 no 3 months ago 478c0b93-42fb-420f-976c-10c0f10515a8
low codex Accounting assumes asset/reward tokens transfer the full requested amount 0x8793cd69895c45b2d2474236b3cb28fc5c764775 $263,485.84 no 3 months ago 478c0b93-42fb-420f-976c-10c0f10515a8
low codex Signed rewardDebt can exceed accumulated after rounding, causing negative pending and claim DoS 0x8793cd69895c45b2d2474236b3cb28fc5c764775 $263,485.84 no 3 months ago 478c0b93-42fb-420f-976c-10c0f10515a8
high codex Unrestricted dispatcher initialize allows arbitrary sub-contract replacement and delegatecall execution 0x8c43c9bec15d82d153c52518030e0a9590abd35d $0.00 no 3 months ago 42220919-1f55-4be2-b0c0-1ee5ef2f8a32
high codex Nested initializer misuse bricks BToken initialization 0xd388b2a8e82df6a6c13a18ea7541df9449880954 $0.00 no 3 months ago df0b54ea-d387-4c94-beee-4819d345c6a5
high codex Privileged arbitrary delegatecall (owner backdoor) 0xe2b8eb988735f7709d08b7d07b41460073904830 $0.00 no 3 months ago 4e22cd5b-4962-4023-b255-f35d5e861e60
high codex Zero-in flashRebalance bypasses strategy validation and allows asset extraction 0xf90bb2baa90b457a35c37c5a96de2720ce367281 $0.00 no 3 months ago a6e01852-b60b-4be8-b0b9-857d2bbf0c58
medium codex Token recovery can sweep tracked assets due to disabled safety checks 0xf90bb2baa90b457a35c37c5a96de2720ce367281 $0.00 no 3 months ago a6e01852-b60b-4be8-b0b9-857d2bbf0c58
low codex Unchecked ETH transfer in recover can silently fail 0xf90bb2baa90b457a35c37c5a96de2720ce367281 $0.00 no 3 months ago a6e01852-b60b-4be8-b0b9-857d2bbf0c58
low codex Pre-transferred tokens can be claimed by anyone via exchange_received 0xee351f12eae8c2b8b9d1b9bfd3c5dd565234578d $605,273.80 no 3 months ago c9ec9bf5-5ece-4860-b199-9fddd62d46ef
low codex Unchecked ERC20 transfer return can mark claims as paid without transferring tokens 0x3d7b8d296f7d8e37ce57e556dea3dd6cb01b2f03 $629,116.27 no 3 months ago fff902d1-8613-4bc8-97f6-6dba982c6555
high codex Nested initializer modifiers brick initialization 0x1ef756da62278f3d43b0994f6e9e276f47a363e8 $0.00 no 3 months ago 14d2a919-005d-46a6-a7b3-489433ee41c1
low codex ERC20 transfer return value ignored 0x1ef756da62278f3d43b0994f6e9e276f47a363e8 $0.00 no 3 months ago 14d2a919-005d-46a6-a7b3-489433ee41c1
medium codex Unchecked ERC20 transfer return value can permanently burn claims 0xea402139c2a2c77ac724f6ab7724bc2938d30967 $583,386.53 no 3 months ago c28796c0-dadd-466a-a4b7-324e717eaa5f
low codex Snapshot validation compares block number to timestamp 0xea402139c2a2c77ac724f6ab7724bc2938d30967 $583,386.53 no 3 months ago c28796c0-dadd-466a-a4b7-324e717eaa5f
low codex Division by zero if totalSupplyAt snapshot is zero 0xea402139c2a2c77ac724f6ab7724bc2938d30967 $583,386.53 no 3 months ago c28796c0-dadd-466a-a4b7-324e717eaa5f
medium codex Accounting assumes full token transfers; fee-on-transfer/rebasing tokens can mint excess value 0xc629a01ec23ab04e1050500a3717a2a5c0701497 $0.00 no 3 months ago 8cc652a6-7cf0-4933-8cbc-f01f3bf664bd
low codex Initializer can be front-run on uninitialized clones 0xc629a01ec23ab04e1050500a3717a2a5c0701497 $0.00 no 3 months ago 8cc652a6-7cf0-4933-8cbc-f01f3bf664bd
high codex Public initializer allows post-deployment ownership takeover 0x905d9368cf8a337c420bfb87705d2cdbb4e1c26a $0.00 no 3 months ago 9f165857-e441-49d5-955a-03f4c7445c6c
medium codex Canceled validator set updates permanently block future proposals 0xca88d12919ecfe0eaf91326a1d9daedf4517b794 $0.00 no 3 months ago 20808da3-a735-44e2-86ed-b9e00a27e745
medium codex Prefetch can rewind interval pointers, enabling repeated earmarks and extra treasury transfers 0xaf51cd5f71ed88d6d1f65b575f1a8ce3a78ec42b $0.00 no 3 months ago 4ea3389e-4ea3-4963-b780-690e0ce1b56a
low codex Unlocking a delegated stake does not snapshot the delegate, skewing reward snapshots 0xaf51cd5f71ed88d6d1f65b575f1a8ce3a78ec42b $0.00 no 3 months ago 4ea3389e-4ea3-4963-b780-690e0ce1b56a
low codex Upgradeable implementations lack initializer lock 0xaf51cd5f71ed88d6d1f65b575f1a8ce3a78ec42b $0.00 no 3 months ago 4ea3389e-4ea3-4963-b780-690e0ce1b56a
medium codex Unchecked ERC20 transfer return values can permanently mark claims as paid 0xf5644345a5a9dc14076b58802dc908b83e62b0e1 $798,679.24 no 3 months ago bd446f50-167b-4602-9a1e-d7999d3ffe37
high codex Packet hashing uses abi.encodePacked with dynamic strings (collision-prone) 0xbdae358dc3b0389a5532d011a8b4098ffda11836 $0.00 no 3 months ago 2b03ce69-6667-4e80-a75c-83ddd1a33fc2
medium codex Fee-on-transfer tokens break escrow accounting and can undercollateralize the bridge 0xbdae358dc3b0389a5532d011a8b4098ffda11836 $0.00 no 3 months ago 2b03ce69-6667-4e80-a75c-83ddd1a33fc2
low codex Storage gap placed before new variables in TokenServiceV2 0xbdae358dc3b0389a5532d011a8b4098ffda11836 $0.00 no 3 months ago 2b03ce69-6667-4e80-a75c-83ddd1a33fc2
high codex Unprotected one-time admin initialization enables takeover 0x04b28ccf37828978140643525961d20099e63668 $637,572.19 no 3 months ago 6d8fe14b-7be1-4516-b786-7ecb14b9cdbb
medium codex Minting uses requested deposit amount rather than actual received amount 0x0615dbba33fe61a31c7ed131bda6655ed76748b1 $894,622.61 no 3 months ago a4ff4f05-4e3e-4551-98c5-e84e98ac3bc8
low codex Transfer destination check always passes due to `||` 0x0615dbba33fe61a31c7ed131bda6655ed76748b1 $894,622.61 no 3 months ago a4ff4f05-4e3e-4551-98c5-e84e98ac3bc8
info codex Timelock bypass via changeVault 0x0615dbba33fe61a31c7ed131bda6655ed76748b1 $894,622.61 no 3 months ago a4ff4f05-4e3e-4551-98c5-e84e98ac3bc8
medium codex Initializer is publicly callable and sets privileged storage if uninitialized 0x62c9e5e52351e02635f48072fa20c03bb650f787 $0.00 no 3 months ago 0f14b8a6-911b-4685-a9fc-e61e1077db52
medium codex Collateral accounting assumes full transfer amount (fee-on-transfer tokens can undercollateralize vaults) 0x173ae6283a717b6cdd5491eac5f82c082a8c674b $892,332.70 no 3 months ago f854f1ec-178a-4a54-94b8-ab2eb2947263
medium codex adjust trusts user-supplied collateral amount, enabling undercollateralized minting with fee-on-transfer/non-standard collateral 0x49c431454c40ecbf848096f2753b2abc3a699a10 $0.00 no 3 months ago 6a86e7ae-30fc-4bd1-b436-7b9d4baa7340
low codex onlyOwner allows calls when owner is zero, leaving uninitialized clones open pre-initialize 0x49c431454c40ecbf848096f2753b2abc3a699a10 $0.00 no 3 months ago 6a86e7ae-30fc-4bd1-b436-7b9d4baa7340
low codex exchange_received credits surplus balances as input, enabling unauthorized sweeps of donated/rebasing tokens 0xc26d714c76e98ec65d26a9cdc749734ba6ca03d2 $1,022,852.08 no 3 months ago 85a72693-dd88-4347-ae92-500fe14f685a
medium codex Deposits assume full token amounts received, enabling share inflation with fee-on-transfer tokens 0x1cb489ef513e1cc35c4657c91853a2e6ff1957de $0.00 no 3 months ago f59f0bb7-6545-453b-82db-5db8d94ec4b5
medium codex Share minting is fully oracle-driven without manipulation safeguards 0x1cb489ef513e1cc35c4657c91853a2e6ff1957de $0.00 no 3 months ago f59f0bb7-6545-453b-82db-5db8d94ec4b5
low codex Zero-balance tokens can block full redemptions due to `bal=1` fallback 0x1cb489ef513e1cc35c4657c91853a2e6ff1957de $0.00 no 3 months ago f59f0bb7-6545-453b-82db-5db8d94ec4b5
medium codex Settlement can be blocked if total bids exceed uint96 limit 0x0b7ffc1f4ad541a4ed16b40d8c37f0929158d101 $1,141,455.44 no 3 months ago 3c876ae7-8ac4-47da-9c32-04123766eae8
low codex Unchecked ERC20 approve return value in wrapper constructor 0x0b7ffc1f4ad541a4ed16b40d8c37f0929158d101 $1,141,455.44 no 3 months ago 3c876ae7-8ac4-47da-9c32-04123766eae8
low codex Allowlist signatures can be replayed across EasyAuction instances 0x0b7ffc1f4ad541a4ed16b40d8c37f0929158d101 $1,141,455.44 no 3 months ago 3c876ae7-8ac4-47da-9c32-04123766eae8