Competitive Audits
First Flights
Leaderboard
Docs
Toggle theme
Sign up
Log in
All First Flights
AirDropper
Submissions
AI First Flight
AirDropper
AI First Flight #5
Beginner Friendly
DeFi
Foundry
EXP
AI First Flight
EXP
May 12th, 2026 → May 12th, 2026
View repo
View results
6 / 6
Submissions
Severity
Validity
Tags
Author
#1
MerkleAirdrop::claim has no replay protection, allowing any eligible address to drain the entire contract balance
High
Valid
[H-02] Eligible users can c...
cybervikink
#2
MerkleAirdrop::claim uses strict equality msg.value != FEE, permanently blocking eligible users who overpay by any amount
Medium
Invalid
cybervikink
#3
MerkleAirdrop::claim accepts a caller-supplied account address instead of msg.sender, allowing anyone to trigger claims for other addresses without consent
Medium
Invalid
cybervikink
#4
Deploy.s.sol uses two different address literals for the USDC token, one of which has an incorrect EIP-55 checksum
High
Valid
[H-01] Address of USDC toke...
cybervikink
#5
makeMerkle.js encodes 25e18 into merkle leaves while Deploy.s.sol funds the contract with only 25e6 USDC, making every claim permanently revert
High
Valid
[H-03] Wrong Merkle Root us...
cybervikink
#6
MerkleAirdrop declares a MerkleRootUpdated event that is never emitted because i_merkleRoot is immutable and has no setter
Low
Invalid
cybervikink
Previous
1
Next
Support
FAQs
Can't find an answer? Chat with us on Discord, Twitter or Linkedin.
What is Cyfrin CodeHawks?
What is a competitive audit?
How can I host a competition on CodeHawks?
How is a contest prize pool determined?
How do I get rewarded?
What is a First Flight?
Give us feedback!
