Tripwire

Find contracts. Test them. Review real vulns.

Contract

0xec8902afffb06d0b075ea2d6fb3a45ec8598c39b failed chain 1

Latest run: 019d5666-7793-71fe-8365-fe0e83fcb95f failed

Dedaub

Queue = batch runner. Audit = immediate run. Audit + LLM forces codex.

Value & Balances

$0.00

last balance 3 months ago

ETH

0.0000

WETH

0.0000

USDC

0.00

USDT

0.00

Findings Signal

confirmed findings

crit 0 high 0 unconfirmed 9 total 9

Latest run

019d5666-7793-71fe-8365-fe0e83fcb95f failed

validated = confirmed for call sinks; sink observed for others

Proxy & Workflow

linkage

Proxy status

non-proxy

Implementation address

—

Proxies pointing here

96 showing top 10

View top proxies

0xba4f097d22f283e619873f8e034755fc2e5a7c90 $41,846.47

0xea2d0de5812ea31e1a2e8eac76bf050f0e20d6ad $10,515.93

0xe6cf9c6cf6dcb3997c879f29f87f5231d974ebd5 $3,894.85

0x4949e490b48ec4ccc9684029e808d9eb08c98405 $3,731.02

0x31f90f223e8d49d8c24c4c3fdc529847320f3ada $2,122.58

0xe2992fddcc6421634b86d76c20b8fc20edf32601 $1,948.92

0xcbd8b5f1acae33074b0f4b14b9a21d7c821df4be $794.43

0xe9d7af869d6b44f2b4b87d024bf10d6da937717f $732.56

0xbcde2970048b5c58188955f905f12f7d519933a6 $661.77

0xbc6fc5d42f43d8df932f599b047c3ab1b1d03616 $617.62

Workflow

failed

attempts 0

checked 1 week ago

error 500 Server Error: Internal Server Error for url: https://tripwire.topgun.bot/internal/jobs/43003/complete

Latest Findings

validated = confirmed for call sinks; sink observed for others

No confirmed findings yet.

Show unconfirmed findings

Severity	Tool	Title	Validated	Confirmed
high	detector	Authorization based on tx.origin	no	—
high	detector	Untrusted DELEGATECALL target reachable	no	no
high	codex	Signed actions can be replayed across different GuruFund instances	no	—
medium	codex	Anyone can front-run and consume another user's signed payload nonce	no	—
medium	detector	Untrusted CALL target/value reachable	no	no
medium	detector	ETH value transfer possible	no	no
medium	cast	DELEGATECALL present	no	—
info	cast	Heavy CALL-family usage	no	—
info	cast	Heavy EXTCODE*/BALANCE usage	no	—

From run 019d5666-7793-71fe-8365-fe0e83fcb95f

Codex

latest run

complete source findings

Two exploitable auth issues were found: third parties can consume any valid signature nonce before the intended call executes, and signed payloads are not bound to a specific fund instance, enabling cross-fund replay.

Top findings

high Signed actions can be replayed across different GuruFund instances
medium Anyone can front-run and consume another user's signed payload nonce

View run

Code Metadata

fingerprint

Created block

—

Code size

19845

Codehash

0xdbab875662e5705766439e53ba5955202dc47d7798ad788f89e48ce523375acf

Priority score

0.000000

Latest run id

—

Recent Runs

last 20

Run ID	Status	Validated	Total findings	Created
019d5666-7793-71fe-8365-fe0e83fcb95f	failed	crit 0 high 0	9	1 week ago