Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (Mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
high codex Privileged mint path can arbitrarily increase balances and total supply 0x9535932d6d5262e5beff6a75b19f092be3b5fba8 $1,390.04 no 1 week ago 019b3836-472f-722a-a5f8-2981e57b8c6f
high codex Owner-controlled source address can redirect public token payouts to arbitrary holder balances 0x2083ba165b902a02a6bf931287dfedd50a4ddd21 $3.10 no 1 week ago 019b3836-3ff6-7390-948c-69931f834a03
high codex Buy path can underflow the contract inventory balance and mint unbacked tokens 0x9325f6e7767d61d934d118433666d1120863bdcd $6.19 no 1 week ago 019b3836-401c-7174-a301-f7e6710e1b3b
high codex Public selector reaches variable low-level CALLs with possible ETH transfer 0x2d7eb3b1e243595386c8e15abdb91ecfa1785452 $4.96 no 1 week ago 019b3836-4025-70d6-a7b0-45af0967529d
high codex Sell/redeem path sends ETH before refreshing cached price, enabling reentrant stale-price withdrawals 0xa85e234d071e5acc1d91badd306ed601a38575e8 $28.52 no 1 week ago 019b3836-4073-7178-b5f9-dab237c894e6
high codex Privileged path authenticates with tx.origin 0x97afa00f26e66bf96a7338e67ee945d1f3080b78 $1,703.78 no 1 week ago 019b3836-3d20-71d0-bbc3-03d9ecb53393
high codex ETH transfers ignore CALL success and continue mutating state 0xe724bf992be1849f3891ed0656c31d5096ea8862 $0.03 no 1 week ago 019b3836-3d36-73b6-80fd-0641ca3adbb2
high codex Payout phase appears reenterable before round state is cleared 0xe724bf992be1849f3891ed0656c31d5096ea8862 $0.03 no 1 week ago 019b3836-3d36-73b6-80fd-0641ca3adbb2
high codex Queued payout is sent before the entry is marked paid 0xf767fca8e65d03fe16d4e38810f5e5376c3372a8 $620.00 no 1 week ago 019b3836-3d4a-716f-9c1a-88a7ebc5859e
high codex Unchecked low-level ETH payouts can silently fail while accounting still advances 0xc07ec6b6e3783b6855d000e104e44b3f86bbfc22 $62.00 no 1 week ago 019b3836-39ba-7004-a435-a288b804611b
high codex Payout loop performs external ETH send before advancing queue/accounting state 0x79c039d075bc3b86a7df63ebbe55fbc642b5220f $840.10 no 1 week ago 019b3836-39d7-7001-a2ca-2321dc5d26da
high codex Ignored CALL results let failed transfers silently corrupt accounting 0xbe46324018124b2d604c2f3eae91d3de9b388b09 $226.69 no 1 week ago 019b3836-39fd-7343-8d00-88249f6d3014
high codex Participant payout calls an untrusted recipient before advancing the payout cursor 0xbe46324018124b2d604c2f3eae91d3de9b388b09 $226.69 no 1 week ago 019b3836-39fd-7343-8d00-88249f6d3014
high codex Payout call to user-controlled recipient happens before payout state is cleared 0xe82719202e5965cf5d9b6673b7503a3b92de20be $12,468.87 no 1 week ago 019b3836-3447-7312-aaa5-39b079e8086c
high codex Selector 0xa9059cbb appears to grant authorization and invoke a callback instead of performing an ERC20 transfer 0x5fa85a5d220be1391eaeb66542f7e0afd6e461a9 $31.00 no 1 week ago 019b3836-35f6-70f6-b91f-9db2da6f60d7
high codex Failed refund calls are ignored and residual ETH is swept to slot0 0xba8ee7ba243a363d1995812121bc3fdfa6052785 $465.00 no 1 week ago 019b3836-333c-73df-8c9f-e39c4a7e4486
high codex Refund finalization is reentrant before the contract is marked closed 0xba8ee7ba243a363d1995812121bc3fdfa6052785 $465.00 no 1 week ago 019b3836-333c-73df-8c9f-e39c4a7e4486
high codex Unauthenticated record creation can steer later ETH payouts 0x9c9e98aba397c49e03ee2e4cf11c0effb8cc8135 $0.97 no 1 week ago 019b3836-2e59-708d-99c9-3db04a41b280
high codex Reachable SELFDESTRUCT appears callable without an entry-point authorization check 0x9be772434306514702f95bc60cc4c0910ca9a7c2 $3.10 no 1 week ago 019b3836-2e82-7165-9665-5fa332e35d61
high codex Public low-level CALL with ETH/value semantics and no success handling 0x8d06ce37c1ec69a0402688c3a9d34e583adcc88a $0.00 no 1 week ago 019b3836-2ec8-72a4-87d8-32f40c869605
high codex Publicly reachable SELFDESTRUCT path 0x8d06ce37c1ec69a0402688c3a9d34e583adcc88a $0.00 no 1 week ago 019b3836-2ec8-72a4-87d8-32f40c869605
high codex Owner can freeze arbitrary senders via a hidden boolean mapping 0x41a7820c86f4bea29e6c9239aeb0fbdba12dd790 $3.10 no 1 week ago 019b3836-2d81-72b3-ba7f-1259b9b4588e
high codex Owner-only mint can arbitrarily inflate supply 0x41a7820c86f4bea29e6c9239aeb0fbdba12dd790 $3.10 no 1 week ago 019b3836-2d81-72b3-ba7f-1259b9b4588e
high codex Owner-controlled blacklist/freeze path can block selected holders from transferring 0x89205a3a3b2a69de6dbf7f01ed13b2108b2c43e7 $2,767.63 no 1 week ago 019b3836-2d66-70b7-8bcd-c67d896eb78c
high codex State-changing authorization/accounting path is keyed off tx.origin 0x55b9a11c2e8351b4ffc7b11561148bfac9977855 $13,246.61 no 1 week ago 019b3836-28c4-7299-bb59-544b4f97f4bc
high codex Public entrypoints can trigger non-zero-value external calls from contract balance 0x98f66626d9ddb4688ef7aed01e32375d04ca1f7d $21.80 no 1 week ago 019b3836-2901-713f-8003-3b6a8dabb217
high codex Unguarded arbitrary CALL gadget can write attacker-chosen data into storage 0xc861fc8dc9537159d94acbd662439046ea407166 $49.60 no 1 week ago 019b3836-22f2-7323-a0f4-cbc79d8a01c5
high codex Unchecked ETH payouts can mark participants paid even when the transfer fails 0xdc00a9f92e9ea5cba399b026775e64596215861f $108.50 no 1 week ago 019b3836-225f-71fa-9a22-3ba4f0a44b83
high codex Settlement clears accounting even when ETH payouts fail 0xe881af13bf55c97562fe8d2da2f6ea8e3ff66f98 $16.12 no 1 week ago 019b3836-229f-7340-9526-a8183608906c
high codex Reentrant payout loop can recurse into finalization and sweep remaining funds 0x40c3506a8446bb5d806fe0030d451142c8044f77 $3,100.00 no 1 week ago 019b3836-21ba-7125-a495-b3a817f9d105
high codex External payout calls occur before round state is cleared 0xfc67bd301a4c698b461e5e9f26eab60d230b77a4 $1,240.00 no 1 week ago 019b3836-22a9-708c-9e79-2665fbe783ab
high codex Payable acquisition path returns success on failed preconditions, trapping ETH 0x0e5e2b9341341ade98f510ad9a744e01f3b29f03 $15,500.00 no 1 week ago 019b3836-22d7-70d4-8f04-697b1924f6d7
high codex CREATE plus SELFDESTRUCT phase transition is broken on Ethereum mainnet after EIP-6780 0x17c7d136bdfc4371f989076bb3842be2e73c3ec1 $3.81 no 1 week ago 019b3836-21e4-7185-8734-88afaf7cdc4e
high codex Payable path fails open and persists state even when its apparent eligibility/collateral checks fail 0x8226891a383dc93da036274431aa9e00b47104d0 $0.00 no 1 week ago 019b3836-220c-72ad-99e1-0bffbd1dfee3
high codex Top-level accounting decrements user balances but creates child contracts with zero ETH 0x480d57dbf6c3b49916b9325e2c5ed92401c54efc $124.00 no 1 week ago 019b3831-b4f2-714e-8d83-674c9b049484
high codex Deployable child runtime pays arbitrary recipients via CALL with no reentrancy guard 0x480d57dbf6c3b49916b9325e2c5ed92401c54efc $124.00 no 1 week ago 019b3831-b4f2-714e-8d83-674c9b049484
high codex Withdrawal paths send ETH to CALLER before clearing caller-specific accounting 0xbf4aa23fc8a11f84f6ce07a11b1f7455b732eb1b $0.00 no 1 week ago 019b3831-b510-72f0-943d-9bb9b2a2899a
high codex Cooldown/lock check uses reversed subtraction, collapsing the wait period 0x4f0255319faa4a7915856300f5ff98a2fe86ae97 $0.00 no 1 week ago 019b3831-b4e0-71c5-8142-0d761b2b7ab8
high codex Deposits credit the requested amount instead of the amount actually received 0xa8372d6ff00d48a25baa1af16d6a86c936708f4e $0.00 no 1 week ago 019d5667-1339-71d8-a320-f4112d024afe
high codex Unchecked CowSwap feeAmount lets a limit order drain extra sellToken beyond params.amountIn 0x00000000d681e85e5783588f87a9573cb97eda01 $0.00 no 1 week ago 019d5666-f542-7208-84bc-d2e3db83e367
high codex ERC20 bridge accounting trusts the requested amount instead of the amount actually received 0x29353f77c6b0d3772d73e708cc8e1fca08c80c11 $0.00 no 1 week ago 019d5666-e916-7246-acfd-c2f7d6ef4d74
high codex Fee-on-transfer collateral tokens let users over-withdraw from pooled escrow 0x6ac64c4760e0590f88233b2046810e87e0354324 $0.00 no 1 week ago 019d5666-ddb2-7138-a85b-4026ca2b3eec
high codex Owner can de-whitelist an active collateral token and withdraw funds backing live positions 0x6ac64c4760e0590f88233b2046810e87e0354324 $0.00 no 1 week ago 019d5666-ddb2-7138-a85b-4026ca2b3eec
high codex Keeper-controlled pricePerShare can be stair-stepped away from real NAV and used to overmint/overwithdraw 0x04393e5c6701237d7ee836d644f8dbdd122afebc $0.00 no 1 week ago 019d5666-b2b6-72b3-991d-f09cf3f2b2ec
high codex `claimAndStakeRewardsBySig` signatures are replayable across different gardens 0x04393e5c6701237d7ee836d644f8dbdd122afebc $0.00 no 1 week ago 019d5666-b2b6-72b3-991d-f09cf3f2b2ec
high codex Signed actions can be replayed across different GuruFund instances 0xec8902afffb06d0b075ea2d6fb3a45ec8598c39b $0.00 no 1 week ago 019d5666-7793-71fe-8365-fe0e83fcb95f
high codex Version-dependent storage slots can brick the proxy and strand assets on upgrade 0xc95b806ac073df930014ac476d26c8ad918f14e0 $41,195.58 no 1 week ago 019d5666-721c-732b-98f2-8fef0dd24f32
high codex Mint permission can self-issue admin keys and seize full control 0xccb57afedecc8d975ca4ae06f850a175142499de $41,269.00 no 1 week ago 019d5666-7216-7238-b7b1-e53620c8a60e
high codex Public initializer allows takeover of any uninitialized clone/proxy 0xccb57afedecc8d975ca4ae06f850a175142499de $41,269.00 no 1 week ago 019d5666-7216-7238-b7b1-e53620c8a60e
high codex Fee-on-transfer ERC20s can overmint bridge balances and drain pooled collateral 0x588801ca36558310d91234afc2511502282b1621 $41,272.95 no 1 week ago 019d5666-7210-72a7-9067-e58ac94c06d2