Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (Mainnet focus)
Signal Mix: 24239 high severity in results
Findings
filter + triage
Severity Tool Title Address Value USD Validated Confirmed Found Run
info codex Shares minted without verifying actual assets received 0x1b992302652a92611dcd5090d1cb388c6377f455 $0.00 no 3 months ago b92d2e03-21a2-487f-9e4b-54e0e3b1a93c
high codex Unprotected initialize allows hostile setup of critical bridge addresses 0xe80b4e0ed5e92d865f4708eee0e1564287a7d848 $0.00 no 3 months ago e9597aef-e9cc-49ba-9d81-2312231691b5
medium codex Liquidation status persists after transient undercollateralization 0x1e0447b19bb6ecfdae1e4ae1694b0c3659614e4e $6,277,274.45 no 3 months ago 3c6ff52f-c8f2-4d99-9d2f-bd09425954ea
medium codex Public initializer can be front-run to configure ATokenInstance 0xb2668573828029917ffbd1e76270373511818498 $0.00 no 3 months ago a6e22563-3c6a-48bc-9056-6d560ad9206b
high codex LP share accounting ignores trader PnL and vault asset flows, enabling over-redemption 0xe3d41d19564922c9952f692c5dd0563030f5f2ef $21,609,903.28 no 3 months ago dc08fc38-6d54-4fb0-8a86-bb65f82abb39
low codex Privileged selfdestruct path can destroy the contract 0x1f2f10d1c40777ae1da742455c65828ff36df387 $10,735,151.93 no 3 months ago 41f1c8a7-fdd5-43e7-9ca2-22b8a272517e
medium codex Reward accrual can be skipped when updateRewards resets lastUpdateBlock 0xbcd7254a1d759efa08ec7c3291b2e85c5dcc12ce $9,190,195.44 no 3 months ago 46a061cb-b215-4d54-b156-a9ace98d5799
low codex Unchecked return values on token operations can mask failures 0xbcd7254a1d759efa08ec7c3291b2e85c5dcc12ce $9,190,195.44 no 3 months ago 46a061cb-b215-4d54-b156-a9ace98d5799
low codex Unchecked ERC20 return values in withdrawal/redemption flow 0x9f205e1ac7698f59edbaa0a28c4a4c4ed605b722 $6,500,000.00 no 3 months ago 073f3e74-0f6a-484b-9199-a379c502677a
medium codex Deposit cap can be bypassed via reentrancy during asset transfer 0x1b992302652a92611dcd5090d1cb388c6377f455 $0.00 no 3 months ago 8ec2f2fa-e10f-4766-9520-8c4e451b8c4f
medium codex Fee-on-transfer or deflationary assets break share accounting 0x1b992302652a92611dcd5090d1cb388c6377f455 $0.00 no 3 months ago 8ec2f2fa-e10f-4766-9520-8c4e451b8c4f
low codex Permit accepts malleable ECDSA signatures 0x1b992302652a92611dcd5090d1cb388c6377f455 $0.00 no 3 months ago 8ec2f2fa-e10f-4766-9520-8c4e451b8c4f
medium codex Fee-on-transfer/deflationary ERC-20s break accounting (mint/repay credited by nominal amount, not actual received) 0x39aa39c021dfbae8fac545936693ac917d5e7563 $10,780,058.47 no 3 months ago 5c6a8037-f1d5-41f4-91a4-8653256c442f
medium codex Interest can be minted multiple times via reentrancy before lastAggUpdateTime is updated 0xeb5a8c825582965f1d84606e078620a84ab16afe $17,612,166.21 no 3 months ago 614e8405-f6c9-4781-bd65-282f3a654a08
high codex Unrestricted initialization of tap allows attacker-controlled liquidator 0x448a5065aebb8e423f0896e6c5d525c040f59af3 $20,792,403.90 no 3 months ago a07440d4-9742-4482-9bb0-05239d80eb1f
medium codex Adapter credits full `wad` without verifying actual tokens received 0x08638ef1a205be6762a8b935f5da9b700cf7322c $21,018,934.63 no 3 months ago 45fffa69-527a-49a0-8082-76e0b3db5719
low codex Bus-mode refund ignores failed native transfer, leaving excess fees trapped 0xc026395860db2d07ee33e05fe50ed7bd583189c7 $24,471,349.97 no 3 months ago 102810a6-7e26-4aff-859d-6b198fdc4401
high codex `setup` is externally callable via proxy with no one-time initializer guard 0x99b5fa03a5ea4315725c43346e55a6a6fbd94098 $0.00 no 3 months ago 8a7c4282-fe4b-4a35-b94c-7694cbef39ea
medium codex Delegatecall to `tokenDeployer` allows storage corruption if the deployer is compromised or upgradeable 0x99b5fa03a5ea4315725c43346e55a6a6fbd94098 $0.00 no 3 months ago 8a7c4282-fe4b-4a35-b94c-7694cbef39ea
critical codex Unprotected initializer allows arbitrary subcontract replacement and delegatecall execution 0x2c0df87e073755139101b35c0a51e065291cc2d3 $0.00 no 3 months ago 00827adf-489d-4605-a887-6e6ea5b81451
high codex Unprotected one-time admin initialization can be front‑run 0x1681195c176239ac5e72d9aebacf5b2492e0c4ee $34,620,088.63 no 3 months ago 2d583407-2d3a-41a0-85ac-6f1a8195edd9
medium codex Price feed responses lack staleness/round validation 0x2bea101d992b58da3f52c4c2aaeb49d33f7dce14 $0.00 no 3 months ago 041088fa-570d-423d-91ea-e5b574e99283
high codex Unprotected tap assignment allows attacker to seize liquidation/tax flows 0xbda109309f9fafa6dd6a9cb9f1df4085b27ee8ef $43,734,589.13 no 3 months ago f58f1e0d-d765-4f42-8774-1b1e4abc5a43
medium codex Reentrancy window on collateral exit can drain gem before burning SKR 0xbda109309f9fafa6dd6a9cb9f1df4085b27ee8ef $43,734,589.13 no 3 months ago f58f1e0d-d765-4f42-8774-1b1e4abc5a43
critical codex Unrestricted migrateTo_3_3_0 allows attacker-controlled interest implementation and token siphoning 0x8eb3b7d8498a6716904577b2579e1c313d48e347 $0.00 no 3 months ago f4cc9992-10b3-41d9-89ef-eb26729f6005
low codex Unchecked low-level callback can silently fail and mask external reverts 0x8eb3b7d8498a6716904577b2579e1c313d48e347 $0.00 no 3 months ago f4cc9992-10b3-41d9-89ef-eb26729f6005
medium codex Price feeds lack staleness/round completeness checks 0xdd922b4a799b5066902e325300069226f95c7988 $0.00 no 3 months ago 4186bccb-00b8-40b8-a6ed-805de3deb6c3
high codex Chainlink oracle responses are not validated for negative/stale data 0x6fcbbb527fb2954bed2b224a5bb7c23c5aeeb6e1 $266,056.63 no 3 months ago 019b426d-be82-7158-aec7-2fbd5b8cb931
medium codex Reserve ratio can be steered by manipulable Uniswap oracle updates 0x6fcbbb527fb2954bed2b224a5bb7c23c5aeeb6e1 $266,056.63 no 3 months ago 019b426d-be82-7158-aec7-2fbd5b8cb931
medium codex Removed collateral can still be withdrawn 0x6fcbbb527fb2954bed2b224a5bb7c23c5aeeb6e1 $266,056.63 no 3 months ago 019b426d-be82-7158-aec7-2fbd5b8cb931
medium codex Predictable seed generation allows trait manipulation 0x8754f54074400ce745a7ceddc928fb1b7e985ed6 $668,818.61 no 3 months ago 019b4236-fb81-71aa-86bf-cc46196cb9ac
high codex Gateway-controlled delegatecall enables arbitrary code execution in Agent context 0xd803472c47a87d7b63e888de53f03b4191b846a8 $7,165,862.10 no 3 months ago 019b422c-5600-71b9-95ab-04ba54ca9f3f
low codex Relayer authorization accepts `tx.origin`, enabling contract-forwarded execution 0xaaaaaaaaa24eeeb8d57d431224f73832bc34f688 $487,276.57 no 3 months ago 019b421f-6355-7264-b48a-04e2fef9e548
low codex EIP-712 type hash mismatch for relayer callpath blocks signatures for callpaths >255 0xaaaaaaaaa24eeeb8d57d431224f73832bc34f688 $487,276.57 no 3 months ago 019b421f-6355-7264-b48a-04e2fef9e548