Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (Mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
low codex Internal balances assume full transfer amounts, breaking invariants for fee-on-transfer/rebasing tokens 0xdcef968d416a41cdac0ed8702fac8128a64241a2 $1,222,437.73 no 3 months ago 733c4190-827e-4a56-b036-325c9efec89e
low codex Unchecked LP token mint/burn return values can allow silent failures 0xdcef968d416a41cdac0ed8702fac8128a64241a2 $1,222,437.73 no 3 months ago 733c4190-827e-4a56-b036-325c9efec89e
medium codex Initializer appears publicly callable before initialization flag is set 0x7b6942434aa457d1520f9cc0a05ede239ecabd37 $2,008,201.00 no 3 months ago e5711d3e-da45-4a2f-8b00-0c8fc8dc6d76
high codex Reentrancy during module removal can permanently lock the SetToken 0x07834b06b5756056e065c0bd1639761ab8297513 $1,058,531.93 no 3 months ago 21882865-9b4a-4420-b853-fc947442c2be
high codex Public upgrade initializer allows anyone to set management fee after v1→v2 upgrade 0xc0026e559da7f2d4ee573616c09a8f721fa599bd $0.00 no 3 months ago 08e6a475-e8b8-4f68-8143-0dc96c883782
medium codex Blacklist bypass: blacklisted spender can still transfer via transferFrom 0xc0026e559da7f2d4ee573616c09a8f721fa599bd $0.00 no 3 months ago 08e6a475-e8b8-4f68-8143-0dc96c883782
high codex YieldLimitExec hooks encode/decode mismatch can revert inbound mints and corrupt accounting 0xde1617ddb7c8a250a409d986930001985cfad76f $1,043,732.69 no 3 months ago 8334cc4c-d376-4cae-a657-bd2812b2b250
medium codex Pending-share calculation uses pendingUnderlying instead of consumedUnderlying 0xde1617ddb7c8a250a409d986930001985cfad76f $1,043,732.69 no 3 months ago 8334cc4c-d376-4cae-a657-bd2812b2b250
medium codex StakeEasy lets any caller spend contract-held tokens 0xde1617ddb7c8a250a409d986930001985cfad76f $1,043,732.69 no 3 months ago 8334cc4c-d376-4cae-a657-bd2812b2b250
low codex Unchecked ERC20 transfer/transferFrom can enable free unwrap or silent accounting drift 0xde1617ddb7c8a250a409d986930001985cfad76f $1,043,732.69 no 3 months ago 8334cc4c-d376-4cae-a657-bd2812b2b250
medium codex Replayable failed messages inflate locked funds accounting 0x61488ae9dedca3f29f5e72bbf23ba975862c20ba $0.00 no 3 months ago c4ec9b86-f84f-462e-89f0-0a1a08973858
medium codex AccessManager execution delays are bypassed for PerpManager/Vault privileged actions 0x7f1cec2328170e510f2d0375ce1ba7ac45d1681a $0.00 no 3 months ago 57ace033-9a1d-4d2f-b70e-f28fa74799da
medium codex Strategy withdrawals do not reconcile actual assets returned, overstating total assets 0x7f1cec2328170e510f2d0375ce1ba7ac45d1681a $0.00 no 3 months ago 57ace033-9a1d-4d2f-b70e-f28fa74799da
low codex Interest fee shares are minted before interest is added, inflating fees 0x7f1cec2328170e510f2d0375ce1ba7ac45d1681a $0.00 no 3 months ago 57ace033-9a1d-4d2f-b70e-f28fa74799da
medium codex Mint amount ignores actual stablecoin received (fee-on-transfer/rebasing tokens) 0xe2e1424687eb676b3807693cbb439362b8ea908e $215,453.57 no 3 months ago b1775fcd-29cb-428f-a277-365169de370d
low codex Owner can sweep collateral, leaving minted AID unbacked 0xe2e1424687eb676b3807693cbb439362b8ea908e $215,453.57 no 3 months ago b1775fcd-29cb-428f-a277-365169de370d
high codex Delegatecall to external ORDER_MANAGER_SINGLETON enables full vault takeover if that address is upgradeable/compromised 0x1d9d0956621bf85d1d4cafc92d76a0448a5e6b9b $0.00 no 3 months ago d6e884b9-0d8a-4410-802c-0d7b21b36433
medium codex afterSwap callback is publicly callable with unvalidated parameters 0x1d9d0956621bf85d1d4cafc92d76a0448a5e6b9b $0.00 no 3 months ago d6e884b9-0d8a-4410-802c-0d7b21b36433
high codex Initializer can be front‑run on uninitialized deployments 0x100dcb8b78c608d148cb207ac3875935dfe6abdc $0.00 no 3 months ago 63826368-2868-4338-bf44-3f1ac9518ef4
low codex Reward token transfer in updateValset allows reentrancy into state-changing logic 0x100dcb8b78c608d148cb207ac3875935dfe6abdc $0.00 no 3 months ago 63826368-2868-4338-bf44-3f1ac9518ef4
critical codex Unrestricted dispatcher initialize allows sub-contract takeover and arbitrary delegatecall 0x8c43c9bec15d82d153c52518030e0a9590abd35d $0.00 no 3 months ago 3f64d8b1-7867-4b19-ac8a-e7491ef06aa9
critical codex Unsigned messages accepted when authority set is empty 0xc664692f38d2528710edbb74f65db6599bc7dee6 $0.00 no 3 months ago fdefebf3-c8b5-4f78-bd33-56e8577739eb
high codex Fee-on-transfer/deflationary tokens can inflate internal balances and drain other assets 0x6f400810b62df8e13fded51be75ff5393eaa841f $856,965.32 no 3 months ago d999d22b-2dac-4c56-a9ac-4ade13e4db17
low codex Payouts/sweeps use tx.origin as recipient 0x6dc71298ce1b61ba4c83d5cdf4b3b1e9aa558a7f $1,326,983.83 no 3 months ago 1a24ef76-b3fa-419d-9583-62d57d946e47
high codex Reentrancy via transfer-out before state updates in borrow/withdraw 0x3fda67f7583380e67ef93072294a7fac882fd7e7 $1,322,493.75 no 3 months ago bcdfa77d-89f0-4bd4-94b1-88110b7b2e0f
medium codex Fee-on-transfer tokens can mint unbacked balances due to assuming full transfer-in amount 0x3fda67f7583380e67ef93072294a7fac882fd7e7 $1,322,493.75 no 3 months ago bcdfa77d-89f0-4bd4-94b1-88110b7b2e0f
medium codex Unprotected initializer/castrate allow takeover or permanent lock of uninitialized proxies 0xf0d7d1d47109ba426b9d8a3cde1941327af1eea3 $0.00 no 3 months ago e7b0ae0c-b4ec-4bef-850f-238760b01a13
medium codex TWAP can collapse to spot price, enabling price manipulation around buy/burn swaps 0x9217622b957411ac4a5608a9a0689c8a256344d1 $1,419,859.62 no 3 months ago 12d861ef-8f42-4779-a04a-8d1399b51333
low codex Public initializer can be claimed if proxy is left uninitialized 0x74ae836d6f949118b4e4d0af79924edd0d6fd163 $0.00 no 3 months ago b842d834-085d-41aa-b331-087260eeb9d9
medium codex Spot-price fallback in TWAP quotes enables sandwiching of buybacks when observations are insufficient 0x1a4330eaf13869d15014abca69516fc6ab36e54d $1,436,876.75 no 3 months ago 1477e342-0362-4cb5-8d4e-25617326771b
medium codex Fee-on-transfer/rebasing tokens can inflate internal balances 0x003ca23fd5f0ca87d01f6ec6cd14a8ae60c2b97d $1,558,282.86 no 3 months ago 282352a2-0573-4737-ac0f-2601c2a3e40a
high codex Unprotected reinitializer enables proxy takeover if initialization is not atomic 0x1a5d115a87e39fd8d8c9e53b91dbe5e0ec309dd2 $0.00 no 3 months ago 53258cf0-dc0d-412d-8abb-9515ee4dd8a9
medium codex ERC777-style reentrancy in deposit can mint excess shares 0xe1237aa7f535b0cc33fd973d66cbf830354d16c7 $1,537,209.82 no 3 months ago 62905bd3-7f23-4198-8cee-9a5bc2390d2a
medium codex Inbound handlers lack replay protection for cross-chain messages 0x9371352ccef6f5b36efdfe90942ffe622ab77f1d $1,539,859.83 no 3 months ago 478c78f6-b81e-47bf-86e8-3a178cfe290f
low codex Plugs accept inbound messages without validating expected source chain/plug 0x9371352ccef6f5b36efdfe90942ffe622ab77f1d $1,539,859.83 no 3 months ago 478c78f6-b81e-47bf-86e8-3a178cfe290f
medium codex Fee-on-transfer tokens break accounting in deposit/repay 0xef1bc66e0ea9717a3f2c969633a989d6bf41024b $0.00 no 3 months ago 845336e9-a114-4034-86fd-9e49f9a99810
medium codex Permissionless initialize allows frontrun configuration takeover 0xef1bc66e0ea9717a3f2c969633a989d6bf41024b $0.00 no 3 months ago 845336e9-a114-4034-86fd-9e49f9a99810
low codex Hook receiver can execute arbitrary call/delegatecall via callOnBehalfOfSilo 0xef1bc66e0ea9717a3f2c969633a989d6bf41024b $0.00 no 3 months ago 845336e9-a114-4034-86fd-9e49f9a99810
medium codex Reward accrual can be wiped when updateRewards resets lastUpdateBlock 0xc8c3cc5be962b6d281e4a53dbcce1359f76a1b85 $1,642,812.54 no 3 months ago 682e09b2-8a52-43fd-9fd2-1a4d25cd281c
low codex Unchecked ERC20 return values on approve/mint can silently fail and desync accounting 0xc8c3cc5be962b6d281e4a53dbcce1359f76a1b85 $1,642,812.54 no 3 months ago 682e09b2-8a52-43fd-9fd2-1a4d25cd281c
medium codex Upgradeable Portal can be initialized by anyone if proxy/implementation is left uninitialized 0x57dbcb192fa64bf07eab76941d1dae5177c8f4f3 $0.00 no 3 months ago 9ddbf2b4-3560-4207-aba0-175d63d7e610
medium codex Fee-on-transfer/rebasing tokens can undercollateralize synths 0x57dbcb192fa64bf07eab76941d1dae5177c8f4f3 $0.00 no 3 months ago 9ddbf2b4-3560-4207-aba0-175d63d7e610
low codex Revert request functions are replayable, allowing repeated bridge calls 0x57dbcb192fa64bf07eab76941d1dae5177c8f4f3 $0.00 no 3 months ago 9ddbf2b4-3560-4207-aba0-175d63d7e610
high codex MintableToken allows unrestricted mint/burn, enabling collateral drain if used as the app-chain token 0x6d303cee7959f814042d31e0624fb88ec6fbcc1d $1,306,925.21 no 3 months ago f575c00d-7d47-4453-9d78-7ca636dc5e53
medium codex Deposit path assumes full transfer amount; fee-on-transfer tokens cause under-collateralized minting 0x6d303cee7959f814042d31e0624fb88ec6fbcc1d $1,306,925.21 no 3 months ago f575c00d-7d47-4453-9d78-7ca636dc5e53
high codex ERC777 liquidation payments credit liquidator balance, enabling free collateral extraction 0x8a134e651432a902041643668940c9a9cd270633 $0.00 no 3 months ago 6625d03d-07b7-460c-b8f4-4fc0c7f1ad3b
medium codex Chainlink price reads lack freshness/round validation 0x8a134e651432a902041643668940c9a9cd270633 $0.00 no 3 months ago 6625d03d-07b7-460c-b8f4-4fc0c7f1ad3b
medium codex Reentrancy guard can be reset mid-call via public initializePoolV2 0xfc59ab348e0c0e789e914b0864f08cab98db1553 $0.00 no 3 months ago a5d04c17-5a96-4bbb-8db1-668693dc67db
low codex Owner can drain staked/reward tokens via saveMe 0xfc59ab348e0c0e789e914b0864f08cab98db1553 $0.00 no 3 months ago a5d04c17-5a96-4bbb-8db1-668693dc67db
low codex Unprotected initializePoolV2 can be front‑run to block upgrade initialization 0xfc59ab348e0c0e789e914b0864f08cab98db1553 $0.00 no 3 months ago a5d04c17-5a96-4bbb-8db1-668693dc67db