Competitive Audits
First Flights
Leaderboard
Docs
Toggle theme
Sign up
Log in
All First Flights
Hawk High
Submissions
First Flights
Hawk High
First Flight #39
Beginner Friendly
Solidity
100
EXP
First Flights
100
EXP
May 1st, 2025 → May 8th, 2025
View repo
968 / 968
Submissions
Severity
Tags
#1
reviewCount Not Incrementing After Reviews
High
#2
M-01. Student who doesn't meet the `cutOffScore` are upgraded
Medium
#3
Missing _disableInitializers() in Constructor
Low
#4
M-02. System can be upgraded even if the session is not finished
Low
#5
H-01. Incorrect pay per Teacher calculation in graduateAndUpgrade
High
#6
L-01. Error HH__HawkHighFeesNotPaid is never used
Low
#7
Unsafe use of Immutable variable could lead to unexpected behaviour and inconsistencies in future upgrade
Medium
#8
Uninitialized State Variable
Medium
#9
Unprotected Upgradeable Contract Function
High
#10
Ignored Return Values in Delegate Calls
Medium
#11
The Principal can add theirself as a teacher, sharing with all other teachers the 35% of all fees in addition to their fixed 5% fees
Medium
#12
Multiple Uninitialized State Variables in School Management Contract
High
#13
LevelOne.graduateAndUpgrade() can be called at any time, bypassing the sessionEnd requirement
High
#14
Missing division by totalTeachers causes 35% bursary to be sent to every teacher causing fund mismanagement and DOS.
High
#15
Invariant Violation — Teacher Wage Increase from 35% To 40% on System Upgrade
Low
#16
Smart Contract Audit Report
Medium
#17
Students can get 5 reviews in one school session
Medium
#18
Incorrect Calculation of `payPerTeacher` in `LevelOne::graduateAndUpgrade()` will pay out the total allocated wages for all teachers to each teacher grossly mismanaging the bursary funds.
High
#19
[H-01] `LevelOne::giveReview` Does Not Increment `reviewCount`, Breaking Review Tracking System
High
#20
Incorrect Fund Distribution Leaves Bursary Funds Locked
High
#21
Review Count Limit Not Enforced Due to Missing Increment
Medium
#22
Post-Session Score Modifications Allowed
Medium
#23
Unspecified Error in Expel Function
Low
#24
[H-02] Principal Can Illegally Add Themselves as Teacher to Double-Dip Salary Payments
High
#25
Missing Access Control on initialize in DeployLevelOne.s.sol
High
#26
[H-03] Principal Can Rug Teachers by Removing Them After Session Ends But Before Payment Distribution
High
#27
[H-04] Principal Can Maliciously Expel Students After Session Ends, Blocking Legitimate Graduation
Medium
#28
Student Score Underflow Due to Unchecked Subtraction in giveReview
Medium
#29
Malicious Proxy Upgrade Due to Inadequate Authorization in UUPS
Low
#30
Incorrect teacher payment calculation leads to overpayment and function failure
High
Previous
1
2
3
...
More pages
33
Next
Support
FAQs
Can't find an answer? Chat with us on Discord, Twitter or Linkedin.
What is Cyfrin CodeHawks?
What is a competitive audit?
How can I host a competition on CodeHawks?
How is a contest prize pool determined?
How do I get rewarded?
What is a First Flight?
Give us feedback!
