Tripwire

Find contracts. Test them. Review real vulns.

Contract

0x438285fbccba55ce8cdef276030e6b35a0b65b6b checked chain 1

Latest run: 019c0eaa-1573-73c9-bdcd-698f810a9fbd complete

Dedaub

Queue = batch runner. Audit = immediate run. Audit + LLM forces codex.

Value & Balances

$0.00

last balance 3 months ago

ETH

0.0000

WETH

0.0000

USDC

0.00

USDT

0.00

Findings Signal

confirmed findings

crit 0 high 0 unconfirmed 12 total 12

Latest run

019c0eaa-1573-73c9-bdcd-698f810a9fbd complete

validated = confirmed for call sinks; sink observed for others

Proxy & Workflow

linkage

Proxy status

non-proxy

Implementation address

—

Proxies pointing here

View top proxies

0x02b758ce469af940c57a42ad1de5d404122bc283 $44,725.62

Workflow

checked

attempts 0

checked 2 months ago

Latest Findings

validated = confirmed for call sinks; sink observed for others

No confirmed findings yet.

Show unconfirmed findings

Severity	Tool	Title	Validated	Confirmed
critical	detector	Untrusted DELEGATECALL target reachable	no	no
high	slither	Reentrancy in GenericBridge.claimToken(address,address,uint256,uint256[],bytes32,bytes32[],bytes32[],uint8[],string,string,uint8) (contracts/generic/GenericBridge.sol#308-459):	no	—
high	slither	Reentrancy in GenericBridge.claimToken(address,address,uint256,uint256[],bytes32,bytes32[],bytes32[],uint8[],string,string,uint8) (contracts/generic/GenericBridge.sol#308-459):	no	—
high	slither	ERC1967UpgradeUpgradeable._functionDelegateCall(address,bytes) (@openzeppelin/contracts-upgradeable/proxy/ERC1967/ERC1967UpgradeUpgradeable.sol#207-213) uses delegatecall to a i...	no	—
high	detector	Untrusted CALL target/value reachable	no	no
high	detector	ETH value transfer possible	no	no
medium	detector	CREATE/CREATE2 reachable	no	no
medium	cast	DELEGATECALL present	no	—
medium	codex	Signatures lack contract-domain separation, enabling replay across bridge instances	no	—
low	codex	addApprovers allows zero address, letting invalid signatures count as approvals	no	—
low	cast	Contract creation opcode present	no	—
info	cast	Heavy EXTCODE*/BALANCE usage	no	—

From run 019c0eaa-1573-73c9-bdcd-698f810a9fbd

Codex

latest run

complete source findings

Found two auth-related issues: signatures are not domain-separated (replayable across bridge instances) and zero-address approvers can lower the effective signature threshold.

Top findings

medium Signatures lack contract-domain separation, enabling replay across bridge instances
low addApprovers allows zero address, letting invalid signatures count as approvals

View run

Code Metadata

fingerprint

Created block

—

Code size

23013

Codehash

0x2fd481fb8146478a6d92f46e465394d3a4bccdc102382e3ff8466a27f4038b9b

Priority score

0.000000

Latest run id

—

Recent Runs

last 20

Run ID	Status	Validated	Total findings	Created
019c0eaa-1573-73c9-bdcd-698f810a9fbd	complete	crit 0 high 0	12	2 months ago