Tripwire
Find contracts. Test them. Review real vulns.
Confirmed Findings: 2,205 (crit 60, high 1157)
All Findings: 46,184 (across all runs)
Chain: 1 (Mainnet focus)
Signal Mix: 24239 high severity in results
Findings
Severity Tool Title Address Value USD Validated Confirmed Found Run
medium codex External authority check can fail open on empty returndata 0x409f95f4600ffa420d7693f87a4d73e97fc580a6 $34.10 no 1 week ago 019b3836-4abd-7241-87ee-1dadda0bffa2
low codex `transfer(address,uint256)` appears to return no boolean value 0xebf1031e6690d9befe06dc19b0114c592694abf3 $26,819.05 no 1 week ago 019b3836-4533-7185-8d7b-fedf8e215cd2
low codex Payable fallback silently accepts ETH and unknown selectors 0xebf1031e6690d9befe06dc19b0114c592694abf3 $26,819.05 no 1 week ago 019b3836-4533-7185-8d7b-fedf8e215cd2
medium codex Nonstandard cumulative allowance accounting breaks ERC20 allowance semantics 0x1ba24206d11b5e82886d57491597f04120d14826 $310.00 no 1 week ago 019b3836-45c9-71a9-901e-4ae9cf03b8e0
low codex Allowance overwrite remains front-runnable on approve-and-callback path 0x77075d05891b7e9e8f6cba29e47f7b53c8cd600b $3.10 no 1 week ago 019b3836-45fc-71aa-8579-513441de656c
high codex Privileged mint path can arbitrarily increase balances and total supply 0x9535932d6d5262e5beff6a75b19f092be3b5fba8 $1,390.04 no 1 week ago 019b3836-472f-722a-a5f8-2981e57b8c6f
medium codex Owner can freeze arbitrary accounts, enabling transfer censorship 0x9535932d6d5262e5beff6a75b19f092be3b5fba8 $1,390.04 no 1 week ago 019b3836-472f-722a-a5f8-2981e57b8c6f
medium codex Owner-reachable SELFDESTRUCT path can sweep ETH and may brick the contract on some chains 0x9535932d6d5262e5beff6a75b19f092be3b5fba8 $1,390.04 no 1 week ago 019b3836-472f-722a-a5f8-2981e57b8c6f
medium codex Allowance accounting is cumulative and can become permanently unusable 0x049338e813eb0128ee1bff707a8748fadc7cd4d4 $310.00 no 1 week ago 019b3836-473e-70f1-9e66-6c2c1ba534a3
high codex Owner-controlled source address can redirect public token payouts to arbitrary holder balances 0x2083ba165b902a02a6bf931287dfedd50a4ddd21 $3.10 no 1 week ago 019b3836-3ff6-7390-948c-69931f834a03
medium codex `allowance()` appears to report the approved amount, not the remaining spendable amount 0x2083ba165b902a02a6bf931287dfedd50a4ddd21 $3.10 no 1 week ago 019b3836-3ff6-7390-948c-69931f834a03
medium codex Token-for-ETH payout path ignores CALL failure after moving balances 0x2083ba165b902a02a6bf931287dfedd50a4ddd21 $3.10 no 1 week ago 019b3836-3ff6-7390-948c-69931f834a03
medium codex Best-effort inferred redemption path ignores ETH payout failure 0x3456f6ea53a44d9bdf0d3da99254860531cb0af5 $9.30 no 1 week ago 019b3836-3ff9-7388-a9e7-a9e6cfa6cf52
low codex Financial logic appears to use manipulable block data as randomness 0x3456f6ea53a44d9bdf0d3da99254860531cb0af5 $9.30 no 1 week ago 019b3836-3ff9-7388-a9e7-a9e6cfa6cf52
low codex Payable runtime likely allows ETH to be trapped permanently 0xa9161619071b56d4cacbdd0045b8c12723fcb683 $9,300.00 no 1 week ago 019b3836-4018-7355-8e4c-3fb66cb0a7df
high codex Buy path can underflow the contract inventory balance and mint unbacked tokens 0x9325f6e7767d61d934d118433666d1120863bdcd $6.19 no 1 week ago 019b3836-401c-7174-a301-f7e6710e1b3b
medium codex Economic logic depends on miner-manipulable block data for randomness 0x9325f6e7767d61d934d118433666d1120863bdcd $6.19 no 1 week ago 019b3836-401c-7174-a301-f7e6710e1b3b
medium codex Redeem/sell path burns balance before an unchecked ETH payout 0x9325f6e7767d61d934d118433666d1120863bdcd $6.19 no 1 week ago 019b3836-401c-7174-a301-f7e6710e1b3b
high codex Public selector reaches variable low-level CALLs with possible ETH transfer 0x2d7eb3b1e243595386c8e15abdb91ecfa1785452 $4.96 no 1 week ago 019b3836-4025-70d6-a7b0-45af0967529d
medium codex External CALL result is discarded after prior state write on public path 0x2d7eb3b1e243595386c8e15abdb91ecfa1785452 $4.96 no 1 week ago 019b3836-4025-70d6-a7b0-45af0967529d
low codex Fallback and function entries accept ETH, with no evident recovery path 0xb0c3ffc92314c9192214f202a0d3bd022caeaa94 $3.26 no 1 week ago 019b3836-402f-712f-9b83-79c8b5f61796
low codex `transfer(0xa9059cbb)` does not return the standard ERC20 boolean 0xb0c3ffc92314c9192214f202a0d3bd022caeaa94 $3.26 no 1 week ago 019b3836-402f-712f-9b83-79c8b5f61796
medium codex `buy()` uses miner/validator-influenced block data as entropy for value-bearing outcomes 0xf5540ea5638cf4bda40e6e34ebc005095926aafc $3.10 no 1 week ago 019b3836-4034-73e0-8162-117f992b4342
medium codex `sell(uint256)` updates balances before a low-level payout CALL whose success is ignored 0xf5540ea5638cf4bda40e6e34ebc005095926aafc $3.10 no 1 week ago 019b3836-4034-73e0-8162-117f992b4342
medium codex Unchecked ETH payout can debit seller balances without confirming payment 0xbe1c8694b8457b4f8dd06eb11d236b4aa4d5b2b9 $6.20 no 1 week ago 019b3836-4037-72bb-9d6d-c3ea4fe3f99f
medium codex Standard ERC20 selector 0x23b872dd does not implement transferFrom semantics 0xbe1c8694b8457b4f8dd06eb11d236b4aa4d5b2b9 $6.20 no 1 week ago 019b3836-4037-72bb-9d6d-c3ea4fe3f99f
low codex `transferOwnership` selector does not update the owner slot used by auth checks 0xbe1c8694b8457b4f8dd06eb11d236b4aa4d5b2b9 $6.20 no 1 week ago 019b3836-4037-72bb-9d6d-c3ea4fe3f99f
medium codex allowance() is decoupled from transferFrom spendability 0x3e4dbe589c76cee0baba6cc00c3dcfebd68b4398 $0.33 no 1 week ago 019b3836-4043-7330-b23a-393c16cc71e9
low codex approveAndCall performs an untrusted external callback after recording approval 0x3e4dbe589c76cee0baba6cc00c3dcfebd68b4398 $0.33 no 1 week ago 019b3836-4043-7330-b23a-393c16cc71e9
medium codex Unchecked ETH payout can debit balances even when the transfer fails 0xf8c5d9608790974068051389378cc579cd09c93c $12.40 no 1 week ago 019b3836-4048-70c9-b749-a245db678d41
medium codex Financial outcome appears to depend on manipulable block-derived entropy 0xf8c5d9608790974068051389378cc579cd09c93c $12.40 no 1 week ago 019b3836-4048-70c9-b749-a245db678d41
medium codex Game/payout logic appears to use block data as manipulable randomness 0xb244abeae1a7e1e5d6da9008098bbeecec067c56 $0.78 no 1 week ago 019b3836-404b-706b-ba4c-80007448ffdc
medium codex ETH payout path ignores CALL failure after mutating balances 0xb244abeae1a7e1e5d6da9008098bbeecec067c56 $0.78 no 1 week ago 019b3836-404b-706b-ba4c-80007448ffdc
medium codex Callback-style allowance flow writes state before calling an untrusted contract 0x47e3b185398c178c89cad8bda809d037462008a9 $6.20 no 1 week ago 019b3836-4070-73ff-9bdf-855dfff3d504
low codex Public function 0xe4849b32 reaches a computed external CALL with ambiguous target/value 0x47e3b185398c178c89cad8bda809d037462008a9 $6.20 no 1 week ago 019b3836-4070-73ff-9bdf-855dfff3d504
high codex Sell/redeem path sends ETH before refreshing cached price, enabling reentrant stale-price withdrawals 0xa85e234d071e5acc1d91badd306ed601a38575e8 $28.52 no 1 week ago 019b3836-4073-7178-b5f9-dab237c894e6
medium codex Unchecked ETH payout call can finalize a redemption even when the transfer fails 0xa85e234d071e5acc1d91badd306ed601a38575e8 $28.52 no 1 week ago 019b3836-4073-7178-b5f9-dab237c894e6
medium codex Allowance accounting appears cumulative and is not reset on re-approval 0x13ec114ffdb980cdf470c45dcf45e544d15c4da6 $310.00 no 1 week ago 019b3836-4076-722b-8b7d-9857be4c7abf
low codex Custom approval path performs an unguarded external callback to a user-supplied contract 0x13ec114ffdb980cdf470c45dcf45e544d15c4da6 $310.00 no 1 week ago 019b3836-4076-722b-8b7d-9857be4c7abf
medium codex Multiple state-mutating entrypoints appear publicly callable with no caller-based authorization 0xa3069f217d3e29ff940a1975c2a1b3cdf2739173 $1,550.00 no 1 week ago 019b3836-4091-728c-9d51-13298306971b
low codex Owner-gated SELFDESTRUCT can permanently remove the contract 0xa3069f217d3e29ff940a1975c2a1b3cdf2739173 $1,550.00 no 1 week ago 019b3836-4091-728c-9d51-13298306971b
low codex Fallback path accepts ETH, which appears permanently unrecoverable 0x73d5a00f06e2469b94ca65e3f35796ebc3435eda $3,069.00 no 1 week ago 019b3836-428f-7263-b63a-be18c1ba24dd
critical codex Public selector `0x1d2bca17` can assign arbitrary balance to the caller 0x5fb7f726249ded65635bcebda9b292b026088a87 $3,100.00 no 1 week ago 019b3836-3c1c-73f1-8d3d-ffdb519bf95c
medium codex Same unguarded runtime path appears able to rewrite token metadata (`name`/`symbol`/`decimals`) 0x5fb7f726249ded65635bcebda9b292b026088a87 $3,100.00 no 1 week ago 019b3836-3c1c-73f1-8d3d-ffdb519bf95c
medium codex `transfer` decodes calldata without a length check 0x9b1e3948d22a1a56b2c49154c8768b3826d565dc $310.00 no 1 week ago 019b3836-3c58-7035-a958-137635a8c9c1
low codex Fallback path appears to accept ETH and likely traps it permanently 0x9b1e3948d22a1a56b2c49154c8768b3826d565dc $310.00 no 1 week ago 019b3836-3c58-7035-a958-137635a8c9c1
medium codex Oracle callback accepts any authorized sender response without validating a pending query id 0xcad333e2f7ec4058aa5ba825a5de8af4139490c9 $2.72 no 1 week ago 019b3836-3fab-72b2-b454-064ea28d2ebf
medium codex Public `update()` path can spend ETH from contract balance on oracle queries 0xcad333e2f7ec4058aa5ba825a5de8af4139490c9 $2.72 no 1 week ago 019b3836-3fab-72b2-b454-064ea28d2ebf
low codex Privileged kill switch can sweep balance via `SELFDESTRUCT` 0xcad333e2f7ec4058aa5ba825a5de8af4139490c9 $2.72 no 1 week ago 019b3836-3fab-72b2-b454-064ea28d2ebf
high codex Privileged path authenticates with tx.origin 0x97afa00f26e66bf96a7338e67ee945d1f3080b78 $1,703.78 no 1 week ago 019b3836-3d20-71d0-bbc3-03d9ecb53393