Competitive Audits
First Flights
Leaderboard
Docs
Toggle theme
Sign up
Log in
All First Flights
SNARKeling Treasure Hunt
Submissions
First Flights
SNARKeling Treasure Hunt
First Flight #59
Beginner Friendly
GameFi
Foundry
100
EXP
First Flights
100
EXP
Apr 16th, 2026 → Apr 23rd, 2026
View repo
248 / 248
Submissions
Severity
Tags
#1
Incorrect mapping key used in claim check allows infinite treasure claims and complete fund drain
High
#2
### [H-1] Wrong variable used in claim() breaks duplicate protection (replay issue)
High
#3
[H-1] Typo in claim() checks uninitialized _treasureHash instead of treasureHash argument, allowing an attacker to bypass the claim check and drain the contract
High
#4
[M-1] Missing onlyOwner modifier on withdraw() allows anyone to force premature fund sweep
Medium
#5
Wrong Event Emission
Low
#6
Missing zero-address validation on UpdateVerifier method
High
#7
Lack of Access Control, anyone can trigger the withdraw function
Medium
#8
(MEDIUM) Claimed event emits msg.sender instead of recipient, so every off-chain indexer records the wrong payee
Medium
#9
Wrong hash for treasure checked in claim function
High
#10
(HIGH) Wrong variable in "already claimed" check allows unlimited reclaim of the same treasure. One valid proof drains the entire 100 ETH prize pool
High
#11
No Minimum Balance Check in Constructor
Low
#12
Bypass of Intended flow -> Missing msg.value() check in constructor
Low
#13
Same valid treasure proof can be replayed until the full hunt balance is drained
High
#14
Circuit omits advertised treasure 9 hash and duplicates treasure 10 hash, leaving one reward slot unclaimable
Medium
#15
Uninitialized `_treasureHash` immutable causes claim() to check wrong slot, allowing unlimited claims with a single valid proof
High
#16
ALLOWED_TREASURE_HASHES contains a duplicate entry, so the hunt exposes only 9 unique treasures while MAX_TREASURES == 10
Medium
#17
`Claimed` event emits `msg.sender` under a parameter declared as `recipient`, misleading off-chain consumers
Low
#18
`withdraw()` is publicly callable, enabling griefing of the owner after the hunt ends
Low
#19
[C-01] TreasureHunt::claim uses uninitialized immutable variable _treasureHash allowing contract draining via double-spending
High
#20
[H-01] Duplicate hash in ALLOWED_TREASURE_HASHES renders treasure "9" unclaimable
High
#21
[H-02] Permanent lock of funds in TreasureHunt due to unattainable claimsCount
High
#22
[L-01] TreasureHunt::claim incorrectly logs msg.sender in Claimed event
Low
#23
[M-01] Deployment script lacks validation for sufficient initial funding leading to insolvency
Medium
#24
Wrong variable in claim() double-spend check lets attacker drain all funds with one proof
High
#25
Duplicate hash in Noir circuit makes treasure 9 permanently unclaimable
High
#26
Wrong storage variable used in duplicate-claim check
High
#27
Duplicate entry in ALLOWED_TREASURE_HASHES permanently locks 10 ETH
High
#28
Uninitialized immutable `_treasureHash` breaks double-claim protection - any valid proof replayable to drain all 100 ETH
High
#29
Duplicate hash in ALLOWED_TREASURE_HASHES - treasure #9 is undiscoverable, 10 ETH permanently stranded, withdraw() bricked
Medium
#30
Claimed event emits msg.sender as recipient - off-chain indexers attribute rewards to wrong address
Low
Previous
1
2
3
...
More pages
9
Next
Support
FAQs
Can't find an answer? Chat with us on Discord, Twitter or Linkedin.
What is Cyfrin CodeHawks?
What is a competitive audit?
How can I host a competition on CodeHawks?
How is a contest prize pool determined?
How do I get rewarded?
What is a First Flight?
Give us feedback!
