TW
Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings
2,205
crit 60 high 1157
All Findings
46,184
Across all runs
Chain
1
Mainnet focus
Signal Mix
24239
high severity in results
Findings
filter + triage
Reset
Quick filters: candidate lane confirmed only critical high detector codex
Severity Tool Title Address Value USD Validated Confirmed Found Run
critical codex Public selector `0x1d2bca17` can assign arbitrary balance to the caller 0x5fb7f726249ded65635bcebda9b292b026088a87 $3,100.00 no 1 week ago 019b3836-3c1c-73f1-8d3d-ffdb519bf95c
critical codex Unprotected ownership assignment lets any caller seize privileged control 0xc07ec6b6e3783b6855d000e104e44b3f86bbfc22 $62.00 no 1 week ago 019b3836-39ba-7004-a435-a288b804611b
critical codex Anyone can seize the privileged owner slot 0xe82719202e5965cf5d9b6673b7503a3b92de20be $12,468.87 no 1 week ago 019b3836-3447-7312-aaa5-39b079e8086c
critical codex Legacy constructor-like initializer is still publicly callable and can mint balances 0x080781e41bbd4402a8b9f07df187b7391d707de7 $217.00 no 1 week ago 019b3836-35bd-7032-b1d3-60862afc5118
critical codex Public unguarded initializer-like function can assign caller balance and rewrite token metadata 0xd7e021cd9096cc0ca642828c1045eb10c6b1ff2e $31.00 no 1 week ago 019b3836-360e-730b-adcd-d15852dc100d
critical codex Public constructor-like function lets any caller mint/reset token state 0x2bf4a701470dfe06babd313926a1ebcdcd5806c1 $0.31 no 1 week ago 019b3836-3278-73cd-b85f-dc1b759c448b
critical codex Unauthenticated balance-setting and reinitialization entrypoints 0x216f59605793807b0ab628d04fcc58f645fc2a5d $3,115.58 no 1 week ago 019b3836-3313-7038-99db-1df5438c8f46
critical codex `transfer` uses unchecked arithmetic and permits balance underflow/overflow 0x216f59605793807b0ab628d04fcc58f645fc2a5d $3,115.58 no 1 week ago 019b3836-3313-7038-99db-1df5438c8f46
critical codex Public initializer-style function can assign arbitrary balance and rewrite metadata 0x0d90b565cd67733f70c21fe38f355e3469012856 $248.00 no 1 week ago 019b3836-3005-71b8-a8ef-ecd5ea5d9540
critical codex Public selector can execute SELFDESTRUCT without visible authorization 0x19d55cebd35439f7e7815fa6e26993849395ac30 $0.00 no 1 week ago 019b3836-2ed5-709b-ab55-463b7a97c015
critical codex Keeper-supplied `pricePerShare` can be ratcheted away from NAV to steal value from other LPs 0x22a591793a9dd506bb3009522dec919120dc3087 $41,484.99 no 1 week ago 019d5666-71df-70bc-b254-bdcd67639ea9
critical codex `claimRewardsBySig` trusts attacker-chosen reward amounts and can drain pooled rewards 0x22a591793a9dd506bb3009522dec919120dc3087 $41,484.99 no 1 week ago 019d5666-71df-70bc-b254-bdcd67639ea9
critical codex Untrusted DELEGATECALL target reachable (arbitrary code execution risk) 0x97edcc0f6bb77191b4bf69a930e6d2383397433a $0.00 no 2 months ago 019c0ea9-9972-71e4-a291-55d964b938b2
critical codex Untrusted DELEGATECALL target reachable (not a proxy) 0x3e2d7bf7f7b883e0ef771821d0b421529c5e97ff $44,239.52 no 2 months ago 019c0ea9-0863-70d8-91df-737c5ebff191
critical codex Computed DELEGATECALL target reachable 0x62c9e5e52351e02635f48072fa20c03bb650f787 $0.00 no 2 months ago 019be3d7-e47d-7320-ae56-01c14905ff89
critical codex Untrusted DELEGATECALL target reachable (arbitrary code execution risk) 0x30689375f7ae75fb85d3a9cb7058ff231dd9f91c $46,862.02 no 2 months ago 019be3d6-8492-73c8-8ec4-edb49b23a550
critical codex Computed DELEGATECALL target reachable (arbitrary code execution in caller storage) 0x62c9e5e52351e02635f48072fa20c03bb650f787 $0.00 no 3 months ago 019bab3d-a735-71f5-99d9-235223139c05
critical codex Initializer is publicly callable, enabling proxy takeover if not initialized atomically 0x677ecf96dbfee1defbde8d2e905a39f73aa27b89 $0.00 no 3 months ago 019bab3d-7dae-718a-bd33-ed21b428c9ba
critical codex Unprotected network initialization lets attacker set critical contract dependencies 0xf211128cc6d925a3a328647cf78b322b51429c53 $58,771.78 no 3 months ago 019bab3b-ab50-73ed-9109-2fa3a622bb57
critical codex Hardcoded tx.origin bypass disables SNARK verification 0x9a3152b61420ed4d5e594c0b48bb932ee41b7376 $60,124.91 no 3 months ago 019bab3b-aa3a-72d1-b401-bae32ceffc05
critical codex Anyone can become executor and gain onlyAuth privileges (ITGToken) 0xb104df39250112eda59b27f5db7013c7ee132d50 $62,000.00 no 3 months ago 019ba9e0-bdf4-70c0-8613-6ae209cfb88c
critical codex DELEGATECALL to computed, varying targets 0x6a13cbb3a3ecd7e8d74636f79c4a09acb1f85606 $77,500.00 no 3 months ago 019ba92a-2ffb-70a4-a200-12dbf33d78b7
critical codex Unprotected genesis/commit address initialization enables delegatecall takeover and fund drain 0xf2c351f22b148a9ff583a0f81701471a74e7338e $0.00 no 3 months ago 64fdfe11-456e-45f6-8615-c93b752c18eb
critical codex Unrestricted batch transfer allows draining ETH/ERC20 balances 0x30e3da29d03702ef45d2765feaa6e98b89195241 $0.00 no 3 months ago 73577ec6-1e74-4f61-9fee-a5ebf7f88ac0
critical codex Unprotected initializer allows ownership takeover if the contract is uninitialized 0xcd0eb8b89c43c3654b4f8d83eb38149327c1107c $0.00 no 3 months ago f517204f-a968-4a9f-8960-e187c975c3b2
critical codex Unprotected initialize allows ownership takeover and forged message withdrawals 0x341786048479f9f6ab7555e08ca2cdc4005ddec9 $0.00 no 3 months ago c39ceeb7-70db-44e9-8e1f-07ef0170dbac
critical codex Signature threshold can round down to zero, allowing proofs with no signatures on small validator sets 0x76bac85e1e82cd677faa2b3f00c4a2626c4c6e32 $131,004.64 no 3 months ago 61b6e8d3-1c26-43a5-ac80-2116ec147eeb
critical codex Unprotected external initializer enables ownership takeover and ETH drain if uninitialized 0x28083d8bce883aa7b70130c915cd4308448a6f1e $0.00 no 3 months ago 2763da7f-91ba-434d-8942-6b9a4e4ee8c5
critical codex Reentrant reward payout lets attackers claim the same rewards multiple times 0x60510caf94f3001651e3e83f5e0ebdd303758aae $139,150.78 no 3 months ago aaad28a3-b6c9-4817-a4d8-9f7fbf189252
critical codex Unprotected `setGenesisRootAndAddresses` lets attacker install malicious `zkSeaAddress` facet and drain funds via delegatecall 0x467a2b91f231d930f5eeb6b982c7666e81da8626 $0.00 no 3 months ago 95d6fcb3-dc31-4ad0-aad7-6796cf5b54e9
critical codex Reentrant splitDAO via withdrawRewardFor drains the main DAO balance 0xbb9bc244d798123fde783fcc1c72d3bb8c189413 $142,099.48 no 3 months ago 839a0dce-7e4a-416f-a10e-f6ca70c4e5cb
critical codex Uninitialized Bridge allows empty-signature withdrawals and/or initializer takeover 0x3f2e4e5a70f2a424d7c4e4e0323c878c77c20537 $0.00 no 3 months ago eca47d9b-d28d-4264-9f5c-73a33983661b
critical codex Unprotected initialize allows first caller to become sole signer and drain funds 0x43ffaa65fe273d2ef9edd78418091d41b1aa40e8 $0.00 no 3 months ago ce2e5a9a-c215-43ce-a3dd-14690402b335
critical codex Unprotected init() lets attacker become admin/executor and drain bridge funds 0x1bda1227875f0f8bb27625dd720f386b40003e14 $0.00 no 3 months ago 66199f28-d28d-4899-b8fd-5a726218d9b3
critical codex Unrestricted TokenGrant.receiveApproval lets anyone drain approved holders by creating grants to themselves 0xdf708431162ba247ddae362d2c919e0fbafcf9de $184,295.42 no 3 months ago 255dad02-bda3-4c93-9044-1ca2dfacc23f
critical codex Staking token can be selected as reward token, letting attacker withdraw all staked principal as rewards 0xa383c8390adbcd387db93babdf3f30308391bd57 $184,984.11 no 3 months ago e413baba-c804-4c21-b0e4-6aac90a2379e
critical codex Unprotected initialize enables attacker-controlled messenger and bridge takeover 0xa037b01bf218e87144446e9e87dd9dc58033fb57 $0.00 no 3 months ago 3fa32ee3-f6ed-4978-87cd-d4efcb7979e3
critical codex Refund logic never consumes PANDA or enforces refundMap, enabling unlimited ETH redemptions 0x229cc0a81a1d6b4a2fc1452b3bd166462216e3f3 $216,476.99 no 3 months ago 50bc5866-a202-48b6-a7cd-e3e4d18a6a4c
critical codex Unprotected `initialize` lets first caller seize ownership and drain all cash 0x6c26c3abd3b8ac89adeb34db9d3a9fbb54a0060a $0.00 no 3 months ago 65a5bd7b-3587-490b-9faf-6447a94a5332
critical codex Dividend distribution multiplies payouts when listed token sum is zero 0x25a06d4e1f804ce62cf11b091180a5c84980d93a $304,668.51 no 3 months ago 9e8b9e72-45c4-4568-9bc5-55a35670600e
critical codex Canceled-mode payback does not persist account updates, enabling unlimited repeated withdrawals 0xa33c4a314faa9684eeffa6ba334688001ea99bbc $337,218.84 no 3 months ago 9372adcb-18e9-434e-8e91-6dd4039515e2
critical codex USDT transferFrom/transfer return values ignored, enabling fake deposits and pooled USDT withdrawal 0x6f35a5e6a7301627a090822895e5e7209ed72f77 $400,489.31 no 3 months ago ce59d179-7b6b-44f3-a1f7-22805cde84e2
critical codex Unprotected initialize enables proxy hijack and full ETH drain 0x91630f5e28f1f30067b92a8d9d7b8e836afddf9b $0.00 no 3 months ago 24348e6d-d2c2-4182-b020-1b80c138a33b
critical codex Unprotected initialize enables proxy hijack and ETH/ERC20 drain 0xeee6207d514c2845394b5f4b9f12b6d155f4524b $0.00 no 3 months ago 07e0721c-c079-4dc1-be4b-4e123bb0d340
critical codex Unprotected initializer enables ownership takeover and collateral drain via rebalance 0x522a1bc31fa8d9421c29506d4e600aecefaa1b7d $0.00 no 3 months ago 32c00cf5-d812-497b-98d4-d7d523f95e8a
critical codex Unprotected initialize allows proxy takeover and unlimited minting 0x9e021c9607bd3adb7424d3b25a2d35763ff180bb $0.00 no 3 months ago e0b6a8c2-69a3-42d6-9367-2fd03f2174f9
critical codex TokenGrant.receiveApproval allows arbitrary grant creation using victims’ allowances, enabling immediate token theft 0xa7d9e842efb252389d613da88eda3731512e40bd $801,526.50 no 3 months ago 27854931-6298-47ab-a143-fe61a05b0147
critical codex Public verifyState delegates to attacker-controlled target during upgrades, enabling arbitrary code execution and token drain 0xe9778e69a961e64d3cdbb34cf6778281d34667c2 $902,684.34 no 3 months ago 9669f033-142c-498f-a5e9-51ea916b6a54
critical codex Unprotected finalizeUpgrade_v2 enables LidoLocator hijack and buffered ETH theft 0x17144556fd3424edc8fc8a4c940b2d04936d17eb $0.00 no 3 months ago 5759b91b-cd68-448d-8e43-52ec0688cfdf
critical codex Unprotected initializeV5 allows attacker to seize migrator role and whitelist a drain recipient 0x5019d41b0737e39b51fd6da4859f3e27579e4e69 $0.00 no 3 months ago 398a83a4-3714-43fd-b57b-b5205efcfca4