Competitive Audits
First Flights
Leaderboard
Docs
Toggle theme
Sign up
Log in
All First Flights
Algo Ssstablecoinsss
Submissions
AI First Flight
Algo Ssstablecoinsss
AI First Flight #2
Beginner Friendly
DeFi
EXP
AI First Flight
EXP
Jul 4th, 2026 → Jul 5th, 2026
View repo
View results
8 / 8
Submissions
Severity
Validity
Tags
Author
#1
Hardcoded 18-decimal assumption makes 8-decimal collateral (WBTC) worth ~$0, bricking deposits and forcing wrongful liquidations
High
Invalid
drak3p14159
#2
# Oracle staleness library never checks `price > 0`, so a zero Chainlink answer values all collateral at \$0 and triggers mass wrongful liquidations
Medium
Invalid
drak3p14159
#3
Deposit accounting credits the requested amount, not the amount received, so fee-on-transfer collateral creates phantom balances and insolvency
Medium
Invalid
drak3p14159
#4
# `liquidate` sends collateral before burning debt and no function is `@nonreentrant`, creating a reentrancy window (defense-in-depth)
Low
Invalid
drak3p14159
#5
# Staleness `TIMEOUT` of 72 hours far exceeds Chainlink feed heartbeats, so multi-hour-stale prices are treated as fresh
Medium
Valid
[M-01] The TIMEOUT is set a...
drak3p14159
#6
# `CollateralDeposited` omits the collateral token, breaking off-chain accounting in a multi-collateral system
Low
Invalid
drak3p14159
#7
# `oracle_lib.vy` uses a plain comment instead of a version pragma, leaving the file with no enforced compiler version
Low
Invalid
drak3p14159
#8
# Staleness check relies on the deprecated `answeredInRound` and omits `round_id`/`started_at` validation
Low
Invalid
drak3p14159
Previous
1
Next
Support
FAQs
Can't find an answer? Chat with us on Discord, Twitter or Linkedin.
What is Cyfrin CodeHawks?
What is a competitive audit?
How can I host a competition on CodeHawks?
How is a contest prize pool determined?
How do I get rewarded?
What is a First Flight?
Give us feedback!