TW
Tripwire
Find contracts. Test them. Review real vulns.
Contract
0x04393e5c6701237d7ee836d644f8dbdd122afebc failed chain 1
Latest run: 019d5666-b2b6-72b3-991d-f09cf3f2b2ec failed
Dedaub
Queue = batch runner. Audit = immediate run. Audit + LLM forces codex.
Value & Balances
$0.00
last balance 3 months ago
ETH
0.0000
WETH
0.0000
USDC
0.00
USDT
0.00
Findings Signal
0
confirmed findings
crit 0 high 0 unconfirmed 10 total 10
validated = confirmed for call sinks; sink observed for others

Proxy & Workflow

linkage
Workflow
failed
attempts 0
checked 1 week ago
error slither failed (exit 1): 'forge clean' running (wd: /tmp/slither-4ykhde_k) 'forge config --json' running 'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-4ykhde_k) 'forge' returned non-zero exit code 1 2026-04-04T04:34:08.343021Z ERROR foundry_compilers_artifacts_solc::sources: error="/tmp/slither-4ykhde_k/lib/openzeppelin-contracts/contracts/token/ERC20/SafeERC20.sol": No such file or directory (os error 2) stdout: 2026-04-04T04:34:08.343150Z ERROR foundry_compilers_artifacts_solc::sources: error="/tmp/slither-4ykhde_k/lib/openzeppelin-contracts/contracts/cryptography/ECDSA.sol": No such file or directory (os error 2) stdout: 2026-04-04T04:34:08.343323Z ERROR foundry_compilers_artifacts_solc::sources: error="/tmp/slither-4ykhde_k/lib/openzeppelin-contracts/contracts/utils/SafeCast.sol": No such file or directory (os error 2) stdout: 2026-04-04T04:34:08.343385Z ERROR foundry_compilers_artifacts_solc::sources: error="/tmp/slither-4ykhde_k/lib/openzeppelin-contracts/contracts/math/SignedSafeMath.sol": No such file or directory (os error 2) stdout: 2026-04-04T04:34:08.343504Z ERROR foundry_compilers_artifacts_solc::sources: error="/tmp/slither-4ykhde_k/lib/openzeppelin-contracts/contracts/math/SignedSafeMath.sol": No such file or directory (os error 2) stdout: 2026-04-04T04:34:08.343523Z ERROR foundry_compilers_artifacts_solc::sources: error="/tmp/slither-4ykhde_k/lib/openzeppelin-contracts/contracts/cryptography/ECDSA.sol": No such file or directory (os error 2) stdout: 2026-04-04T04:34:08.343538Z ERROR foundry_compilers_artifacts_solc::sources: error="/tmp/slither-4ykhde_k/lib/openzeppelin-contracts/contracts/token/ERC20/SafeERC20.sol": No such file or directory (os error 2) stdout: 2026-04-04T04:34:08.343566Z ERROR foundry_compilers_artifacts_solc::sources: error="/tmp/slither-4ykhde_k/lib/openzeppelin-contracts/contracts/math/SafeMath.sol": No such file or directory (os error 2) stdout: 2026-04-04T04:34:08.343787Z ERROR foundry_compilers_artifacts_solc::sources: error="/tmp/slither-4ykhde_k/lib/openzeppelin-contracts/contracts/token/ERC20/SafeERC20.sol": No such file or directory (os error 2) stdout: Unable to resolve imports: stdout: "@openzeppelin/contracts/math/SafeMath.sol" in "/tmp/slither-4ykhde_k/contracts/lib/UniversalERC20.sol" stdout: "@openzeppelin/contracts/token/ERC20/SafeERC20.sol" in "/tmp/slither-4ykhde_k/contracts/token/TimeLockRegistry.sol" stdout: "@openzeppelin/contracts/utils/SafeCast.sol" in "/tmp/slither-4ykhde_k/contracts/gardens/Garden.sol" stdout: "@openzeppelin/contracts/cryptography/ECDSA.sol" in "/tmp/slither-4ykhde_k/contracts/gardens/Garden.sol" stdout: "@openzeppelin/contracts/token/ERC20/SafeERC20.sol" in "/tmp/slither-4ykhde_k/contracts/gardens/Garden.sol" stdout: "@openzeppelin/contracts/math/SignedSafeMath.sol" in "/tmp/slither-4ykhde_k/contracts/gardens/Garden.sol" stdout: "@openzeppelin/contracts/cryptography/ECDSA.sol" in "/tmp/slither-4ykhde_k/contracts/lib/SignatureChecker.sol" stdout: "@openzeppelin/contracts/math/SignedSafeMath.sol" in "/tmp/slither-4ykhde_k/contracts/lib/PreciseUnitMath.sol" stdout: "@openzeppelin/contracts/token/ERC20/SafeERC20.sol" in "/tmp/slither-4ykhde_k/contracts/lib/UniversalERC20.sol" stdout: with remappings: stdout: openzeppelin-contracts/=/tmp/slither-4ykhde_k/lib/openzeppelin-contracts/ stdout: @openzeppelin/contracts/=/tmp/slither-4ykhde_k/lib/openzeppelin-contracts/contracts/ Error: Encountered invalid solc version in lib/openzeppelin-contracts/contracts/utils/Address.sol: No solc version exists that matches the version requirement: ^0.8.20 stderr: Encountered invalid solc version in lib/openzeppelin-contracts/contracts/access/Ownable.sol: No solc version exists that matches the version requirement: ^0.8.20 stderr: Encountered invalid solc version in lib/openzeppelin-contracts/contracts/utils/Address.sol: No solc version exists that matches the version requirement: ^0.8.20 stderr: Encountered invalid solc version in lib/openzeppelin-contracts/contracts/access/Ownable.sol: No solc version exists that matches the version requirement: ^0.8.20 stderr: Encountered invalid solc version in lib/openzeppelin-contracts/contracts/proxy/Proxy.sol: No solc version exists that matches the version requirement: ^0.8.20 stderr: Encountered invalid solc version in lib/openzeppelin-contracts/contracts/access/Ownable.sol: No solc version exists that matches the version requirement: ^0.8.20 stderr: Encountered invalid solc version in lib/openzeppelin-contracts/contracts/access/Ownable.sol: No solc version exists that matches the version requirement: ^0.8.20 stderr: Encountered invalid solc version in lib/openzeppelin-contracts/contracts/token/ERC20/ERC20.sol: No solc version exists that matches the version requirement: ^0.8.20 Traceback (most recent call last): File "/var/www/tripwire/.venv/bin/slither", line 10, in <module> sys.exit(main()) ~~~~^^ File "/var/www/tripwire/.venv/lib/python3.13/site-packages/slither/__main__.py", line 776, in main main_impl(all_detector_classes=detectors, all_printer_classes=printers) ~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/var/www/tripwire/.venv/lib/python3.13/site-packages/slither/__main__.py", line 882, in main_impl ) = process_all(filename, args, detector_classes, printer_classes) ~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/var/www/tripwire/.venv/lib/python3.13/site-packages/slither/__main__.py", line 96, in process_all compilations = compile_all(target, **vars(args)) File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/crytic_compile.py", line 722, in compile_all compilations.append(CryticCompile(target, **kwargs)) ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^ File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/crytic_compile.py", line 211, in __init__ self._compile(**kwargs) ~~~~~~~~~~~~~^^^^^^^^^^ File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/crytic_compile.py", line 633, in _compile self._platform.compile(self, **kwargs) ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^ File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/platform/foundry.py", line 102, in compile hardhat_like_parsing( ~~~~~~~~~~~~~~~~~~~~^ crytic_compile, str(self._target), build_directory, str(self._project_root) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ) ^ File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/platform/hardhat.py", line 52, in hardhat_like_parsing raise InvalidCompilation(txt) crytic_compile.platform.exceptions.InvalidCompilation: Compilation failed. Can you run build command? /tmp/slither-4ykhde_k/out/build-info is not a directory.

Latest Findings

validated = confirmed for call sinks; sink observed for others
No confirmed findings yet.
Show unconfirmed findings
Severity Tool Title Validated Confirmed
high detector Authorization based on tx.origin no
high codex `claimAndStakeRewardsBySig` signatures are replayable across different gardens no
high codex Keeper-controlled pricePerShare can be stair-stepped away from real NAV and used to overmint/overwithdraw no
high detector Untrusted DELEGATECALL target reachable no no
medium codex First `setTimeLockRegistry` call is permissionless, enabling vesting-registry takeover no
medium detector Untrusted CALL target/value reachable no no
medium detector ETH value transfer possible no no
medium cast DELEGATECALL present no
info cast Heavy EXTCODE*/BALANCE usage no
info cast Heavy CALL-family usage no
From run 019d5666-b2b6-72b3-991d-f09cf3f2b2ec

Codex

latest run
complete source findings
Three material issues: keeper-supplied share prices can be ratcheted to steal TVL, stake-and-claim signatures replay across gardens, and the vesting registry can be seized before first initialization.
Top findings
  • high `claimAndStakeRewardsBySig` signatures are replayable across different gardens
  • high Keeper-controlled pricePerShare can be stair-stepped away from real NAV and used to overmint/overwithdraw
  • medium First `setTimeLockRegistry` call is permissionless, enabling vesting-registry takeover
View run

Code Metadata

fingerprint
Created block
Code size
23689
Codehash
0x8ae1f570a242ce890827291cf9a4aec073d8c9bdae6d0c9573a9aad44571f919
Priority score
0.000000
Latest run id

Recent Runs

last 20
Run ID Status Validated Total findings Created
019d5666-b2b6-72b3-991d-f09cf3f2b2ec failed crit 0 high 0 10 1 week ago