| Severity | Tool | Title | Validated | Confirmed |
|---|---|---|---|---|
| high | codex | Public initializers enable proxy takeover if not called atomically | no | — |
| high | detector | Authorization based on tx.origin | no | — |
| medium | detector | Untrusted CALL target/value reachable | no | no |
| medium | codex | KRWT ownership can be reclaimed after renounce via initialize | no | — |
| medium | detector | ETH value transfer possible | no | no |
| low | codex | Fee validation uses OR, allowing invalid fees that break mint/withdraw math | no | — |
| info | cast | Heavy CALL-family usage | no | — |
| info | cast | Heavy EXTCODE*/BALANCE usage | no | — |

| Run ID | Status | Validated | Total findings | Created |
|---|---|---|---|---|
| 6adc28be-aba1-44fe-9c3c-bc4426b6b603 | failed | crit 0 high 0 | 5 | 3 months ago |
| 845cb09f-5c1f-4394-8c8b-28bd2c6cb69a | failed | crit 0 high 0 | 9 | 3 months ago |