Competitive Audits
First Flights
Leaderboard
Docs
Toggle theme
Sign up
Log in
All First Flights
One Shot: Reloaded
Submissions
First Flights
One Shot: Reloaded
First Flight #47
Beginner Friendly
NFT
100
EXP
First Flights
100
EXP
Sep 11th, 2025 → Sep 18th, 2025
View repo
120 / 120
Submissions
Severity
Tags
#1
Insecure RNG in rap_battle
Medium
#2
Predictable RNG using timestamp::now_seconds() enables outcome manipulation
High
#3
Unstake Binding Bug — NFT Theft & Fake Rewards
High
#4
Battle Ownership Bug — Winner Takes Both NFTs
Medium
#5
Weak RNG — Predictable Battle Outcomes
Medium
#6
Missing Ownership Assertion — State Corruption Risk
Medium
#7
Insecure randomness source for battle outcomes.
High
#8
Losing Rapper NFT is permanently stuck in protocol custody.
High
#9
Winner Steals Loser's NFT Due to Flawed Ownership Transfer Logic in Battle
High
#10
อีก10นาที
Low
#11
Winner Steals Loser's NFT in Battles
Medium
#12
NFTs Permanently Stuck in Protocol Custody After Battles
High
#13
Centralized Control Over Unstaking and NFT Retrieval
High
#14
Unstake Aborts if User Not Registered for CRED
Medium
#15
Weak Randomness in Battle Outcomes
Medium
#16
Staking Limited to One NFT Per Address (Implicit and Unenforced)
Medium
#17
Self-Battles Possible, Leading to Wasted Gas or Manipulated Wins
Low
#18
Misleading Minter Field in MintRapperEvent
Low
#19
No Minimum Bet Amount in Battles
Low
#20
Empty Token URI in Minted Rappers
Low
#21
Access Control Bypass Vulnerability in cred_token contract
Medium
#22
Event Misattribution in MintRapperEvent
Medium
#23
Predictable outcome
High
#24
[H-01] Centralized Mint Authority Can Manipulate Token Supply
High
#25
[H-02] NFT Ownership Registry Can Become Desynchronized
Medium
#26
[H-03] Battle RNG Manipulation Through Timestamp Control
Medium
#27
[M-01] Integer Underflow in Staking Rewards Calculation
Medium
#28
[M-02] Missing Access Control on Internal Functions
Medium
#29
[L-01] Lack of Event Emission for Important State Changes
Low
#30
[L-02] No Validation of Token Authenticity in Battle Functions
Low
Previous
1
2
3
4
Next
Support
FAQs
Can't find an answer? Chat with us on Discord, Twitter or Linkedin.
What is Cyfrin CodeHawks?
What is a competitive audit?
How can I host a competition on CodeHawks?
How is a contest prize pool determined?
How do I get rewarded?
What is a First Flight?
Give us feedback!
