Tripwire

Find contracts. Test them. Review real vulns.

Contract

0x1d9d0956621bf85d1d4cafc92d76a0448a5e6b9b skipped chain 1

Latest run: d6e884b9-0d8a-4410-802c-0d7b21b36433 failed

Dedaub

Queue = batch runner. Audit = immediate run. Audit + LLM forces codex.

Value & Balances

$0.00

last balance 3 months ago

ETH

0.0000

WETH

0.0000

USDC

0.00

USDT

0.00

Findings Signal

confirmed findings

crit 0 high 0 unconfirmed 10 total 10

Latest run

d6e884b9-0d8a-4410-802c-0d7b21b36433 failed

validated = confirmed for call sinks; sink observed for others

Proxy & Workflow

linkage

Proxy status

non-proxy

Implementation address

—

Proxies pointing here

View top proxies

0x6aa8b4366d3bcfa51473677e9c961babadcec4e3 $103,816.16

0x0d6b6280915313e7322dcb4d71d511a93a75d98d $0.00

Workflow

skipped

attempts 0

checked 1 week ago

skip blacklisted_codehash

Latest Findings

validated = confirmed for call sinks; sink observed for others

No confirmed findings yet.

Show unconfirmed findings

Severity	Tool	Title	Validated	Confirmed
high	codex	Delegatecall to external ORDER_MANAGER_SINGLETON enables full vault takeover if that address is upgradeable/compromised	no	—
high	detector	Untrusted DELEGATECALL target reachable	no	no
high	detector	Authorization based on tx.origin	no	—
medium	detector	ETH value transfer possible	no	no
medium	detector	CREATE/CREATE2 reachable	no	no
medium	detector	Untrusted CALL target/value reachable	no	no
medium	codex	afterSwap callback is publicly callable with unvalidated parameters	no	—
medium	cast	DELEGATECALL present	no	—
low	cast	Contract creation opcode present	no	—
info	cast	Heavy EXTCODE*/BALANCE usage	no	—

From run d6e884b9-0d8a-4410-802c-0d7b21b36433

Codex

latest run

complete findings

Identified 2 issues: reliance on an external delegatecall-based order manager creates an implicit upgradeability backdoor, and the swap callback is publicly callable without caller validation.

Top findings

high Delegatecall to external ORDER_MANAGER_SINGLETON enables full vault takeover if that address is upgradeable/compromised
medium afterSwap callback is publicly callable with unvalidated parameters

View run

Code Metadata

fingerprint

Created block

—

Code size

20055

Codehash

0x89ee1f55eff4c0b3f54ecdeb80ba7d6faa6b9a0405c97683babff38948fab964

Priority score

0.000000

Latest run id

d6e884b9-0d8a-4410-802c-0d7b21b36433

Recent Runs

last 20

Run ID	Status	Validated	Total findings	Created
8f3cc9ff-49e4-4a03-9644-f885ca76b058	failed	crit 0 high 0	8	3 months ago
d6e884b9-0d8a-4410-802c-0d7b21b36433	failed	crit 0 high 0	10	3 months ago