Eggstravaganza
First Flight #37
Beginner Friendly
Solidity
100
EXP
Apr 3rd, 2025 → Apr 10th, 2025
642 / 642
Submissions

| # | Submission | Severity |
|---|------------|----------|
| #1 | Insecure Randomness in EggHuntGame.sol | High |
| #2 | Weak Randomness in searchForEgg | High |
| #3 | No Event Emission for Minting | Medium |
| #4 | Use Custom Errors Instead of require() for Gas Optimization | Low |
| #5 | Use Custom Errors Instead of require() for Gas Optimization | Low |
| #6 | Game owner can mint as much as they want with threshold manipulation | High |
| #7 | Anyone can steal EggNFTs by frontrunning `EggVault:depositEgg()` | High |
| #8 | On-Chain Randomness Exploit in searchForEgg Function | High |
| #9 | Frontrunning EggVault::depositEgg() allows anyone to withdraw NFTs that they do not own. | High |
| #10 | Missing Access Control on EggVault.depositEgg | Medium |
| #11 | Missing Authorization in the depositEgg() | High |
| #12 | Insecure randomness generator logic which doesn't even work on some EVM chains | High |
| #13 | The searchForEgg() Function in the EggHuntGame Contract is Vulnerable to Random Number Manipulation, Allowing an Attacker to Gain an Unfair Advantage | Medium |
| #14 | Insecure Pseudo-Randomness in searchForEgg() | High |
| #15 | Reentrancy Risk in EggVault.withdrawEgg | Medium |
| #16 | Uninitialized EggVault NFT Reference | Low |
| #17 | Calling EggVault:setEggNFT() will corrupt the entire game state | High |
| #18 | Uninitialized EggVault NFT Reference | Low |
| #19 | Owner shouldn't be able to set the eggFindThreshold to 0 | Medium |
| #20 | Reentrancy Risk in depositEggToVault() | Medium |
| #21 | Unsafe NFT Minting In EggstravaganzaNFT.sol::mintEgg() | Medium |
| #22 | MIN_GAME_DURATION can be bypassed because EggHuntGame::endGame() does not check if the required duration has passed. | Medium |
| #23 | Attacker can steal eggs deposited to the vault by registering them before the true owner. | High |
| #24 | `eggFindThreshold` in `EggHuntGame` contract should be constant to save gas. | Low |
| #25 | Weak Randomness in Egg Finding Mechanism Leading To Unfair Advantages For Users | High |
| #26 | Missing NFT tokenURI | Low |
| #27 | Owner-Controlled Egg Find Threshold Can Be Set To 0 | High |
| #28 | Poor randomness in EggHuntGame::searchForEgg() leads to predictable outcomes, and lowers the eggFindThreshold | High |
| #29 | Eggs found counter is not reset between games | High |
| #30 | Lack of Event Emission in Key Administrative Functions | Low |