Competitive Audits
First Flights
Leaderboard
Docs
Toggle theme
Sign up
Log in
All First Flights
Token-0x
Submissions
First Flights
Token-0x
First Flight #54
Beginner Friendly
DeFi
100
EXP
First Flights
100
EXP
Dec 4th, 2025 → Dec 11th, 2025
View repo
285 / 285
Submissions
Severity
Tags
#1
Wasting gas to erase memories
Medium
#2
Integer Underflow in _burn() Function Allows Unlimited Token Minting Through Balance Manipulation
High
#3
Integer Overflow in _transfer() Function Causes Recipient Balance Corruption and Fund Loss
Medium
#4
Missing Transfer Event in _mint() Function Violates ERC20 Standard and Breaks Protocol Integrations
High
#5
Missing Transfer Event in _burn() Function Violates ERC20 Standard and Breaks Protocol Integrations
High
#6
_spendAllowance() Incorrectly Decrements Infinite Approvals Breaking ERC20 Convention
Medium
#7
“Missing return-value checks in custom ERC20 implementation → potential silent transfer failures & fund lock”
High
#8
“Allowance race-condition / ‘multiple withdrawal’ attack possible due to standard approve semantics”
Medium
#9
Unchecked Underflow in _burn (Token Minting)
High
#10
Token0x Does Not Support Fee-On-Transfer / Rebasing Tokens
Low
#11
Fail fast, fail cheap
High
#12
Unchecked Yul Arithmetic Enables Overflow/Underflow in Token Accounting
High
#13
Missing totalSupply Decrement on Burn Causes Supply Mismatch
Medium
#14
Missing Overflow Checks in Assembly-Based ERC20 Storage Operations
Medium
#15
Missing Transfer Events from Address(0) in _mint() and _burn() – Breaks ERC20 Standard Compliance
Medium
#16
Missing Approval Event in _spendAllowance() – Violates Widely Adopted ERC20 Best Practice
Medium
#17
Transfer in Mint and Burn
High
#18
Anyone can burn unowned tokens and mint free tokens.
High
#19
Unchecked arithmetic in `_burn` allows balance and supply underflow
High
#20
Unchecked arithmetic in `_transfer` allows receiver balance overflow
Medium
#21
Unchecked arithmetic in `_mint` allows supply overflow wraparound
High
#22
Internal Functions Use `RETURN` Opcode, Breaking Control Flow
High
#23
Storage Aliasing in `_transfer` Allows Infinite Token Minting via Self-Transfer
High
#24
Silent Mint: Missing Transfer Event Emission in `ERC20Internals::_mint`
High
#25
Mint/Burn do not emit `Transfer` events
Medium
#26
Missing mint/burn Transfer events + balanceOf(0) reverts → Token-0x is invisible and bricks all DeFi protocols
High
#27
Self-Transfer in `_transfer` Creates Tokens Out of Thin Air, Enabling Unlimited Token Minting
High
#28
`_burn` Function Lacks Balance Validation, Causing Integer Underflow and Token Creation
Medium
#29
`_mint` Function Lacks Overflow Protection, Allowing Total Supply and Balance to Wrap to Zero
Medium
#30
`_mint` and `_burn` Functions Do Not Emit Transfer Events, Breaking ERC20 Standard Compliance
Medium
Previous
1
2
3
...
More pages
10
Next
Support
FAQs
Can't find an answer? Chat with us on Discord, Twitter or Linkedin.
What is Cyfrin CodeHawks?
What is a competitive audit?
How can I host a competition on CodeHawks?
How is a contest prize pool determined?
How do I get rewarded?
What is a First Flight?
Give us feedback!
