Tripwire

Find contracts. Test them. Review real vulns.

Contract

0xa8372d6ff00d48a25baa1af16d6a86c936708f4e failed chain 1

Latest run: 019d5667-1339-71d8-a320-f4112d024afe failed

Dedaub

Queue = batch runner. Audit = immediate run. Audit + LLM forces codex.

Value & Balances

$0.00

last balance 3 months ago

ETH

0.0000

WETH

0.0000

USDC

0.00

USDT

0.00

Findings Signal

confirmed findings

crit 0 high 0 unconfirmed 7 total 7

Latest run

019d5667-1339-71d8-a320-f4112d024afe failed

validated = confirmed for call sinks; sink observed for others

Proxy & Workflow

linkage

Proxy status

non-proxy

Implementation address

—

Proxies pointing here

View top proxies

0x63105ee97bfb22dfe23033b3b14a4f8fed121ee9 $41,127.55

Workflow

failed

attempts 0

checked 1 week ago

error slither failed (exit 1): 'forge clean' running (wd: /tmp/slither-v4qx8jav) 'forge config --json' running 'forge build --build-info --skip ./test/** ./script/** --force' running (wd: /tmp/slither-v4qx8jav) 'forge' returned non-zero exit code 1 Error: Encountered invalid solc version in lib/openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol: No solc version exists that matches the version requirement: ^0.8.20 Traceback (most recent call last): File "/var/www/tripwire/.venv/bin/slither", line 10, in <module> sys.exit(main()) ~~~~^^ File "/var/www/tripwire/.venv/lib/python3.13/site-packages/slither/__main__.py", line 776, in main main_impl(all_detector_classes=detectors, all_printer_classes=printers) ~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/var/www/tripwire/.venv/lib/python3.13/site-packages/slither/__main__.py", line 882, in main_impl ) = process_all(filename, args, detector_classes, printer_classes) ~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/var/www/tripwire/.venv/lib/python3.13/site-packages/slither/__main__.py", line 96, in process_all compilations = compile_all(target, **vars(args)) File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/crytic_compile.py", line 722, in compile_all compilations.append(CryticCompile(target, **kwargs)) ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^ File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/crytic_compile.py", line 211, in __init__ self._compile(**kwargs) ~~~~~~~~~~~~~^^^^^^^^^^ File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/crytic_compile.py", line 633, in _compile self._platform.compile(self, **kwargs) ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^ File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/platform/foundry.py", line 102, in compile hardhat_like_parsing( ~~~~~~~~~~~~~~~~~~~~^ crytic_compile, str(self._target), build_directory, str(self._project_root) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ) ^ File "/var/www/tripwire/.venv/lib/python3.13/site-packages/crytic_compile/platform/hardhat.py", line 52, in hardhat_like_parsing raise InvalidCompilation(txt) crytic_compile.platform.exceptions.InvalidCompilation: Compilation failed. Can you run build command? /tmp/slither-v4qx8jav/out/build-info is not a directory.

Latest Findings

validated = confirmed for call sinks; sink observed for others

No confirmed findings yet.

Show unconfirmed findings

Severity	Tool	Title	Validated	Confirmed
critical	detector	Untrusted DELEGATECALL target reachable	no	no
high	detector	Untrusted CALL target/value reachable	no	no
high	detector	ETH value transfer possible	no	no
high	codex	Deposits credit the requested amount instead of the amount actually received	no	—
medium	codex	Withdrawal signatures are replayable across predicate instances on the same chain	no	—
medium	cast	DELEGATECALL present	no	—
info	cast	Heavy CALL-family usage	no	—

From run 019d5667-1339-71d8-a320-f4112d024afe

Codex

latest run

complete source findings

Two exploitable issues were identified in the first-party bridge predicate: incorrect ERC20 deposit accounting and missing domain separation in withdrawal signatures.

Top findings

high Deposits credit the requested amount instead of the amount actually received
medium Withdrawal signatures are replayable across predicate instances on the same chain

View run

Code Metadata

fingerprint

Created block

—

Code size

12981

Codehash

0x86fe0cc40a1e4c1344aa693450010e98a641c5b3713f89e3f8e4a09d5574a954

Priority score

0.000000

Latest run id

—

Recent Runs

last 20

Run ID	Status	Validated	Total findings	Created
019d5667-1339-71d8-a320-f4112d024afe	failed	crit 0 high 0	7	1 week ago