DatingDapp
AI First Flight #6
Beginner Friendly, Foundry, Solidity, NFT, EXP
Apr 5th, 2026 → Apr 5th, 2026
10 / 10 Submissions

| # | Submission | Severity | Validity | Tags | Author |
|---|---|---|---|---|---|
| #1 | Missing userBalances credit in likeUser() causes match rewards to always distribute zero ETH | High | Valid | [H-01] After the user calls... | virgilbb |
| #2 | blockProfile() deletes profileToToken mapping without blacklisting the address, allowing blocked users to immediately re-mint a new profile | Medium | Valid | [M-01] `SoulboundProfileNFT... | virgilbb |
| #3 | matchRewards() zeroes userBalances globally, so a user matched a second time contributes 0 ETH and forces their new match partner to fund the MultiSig alone | Medium | Valid | [M-02] Logic flaw in `LikeR... | virgilbb |
| #4 | Owner can call blockProfile() on any user at any time, burning their NFT and permanently locking any pending ETH they have committed to likes | Medium | Valid | [M-03] App owner can have u... | virgilbb |
| #5 | mintProfile() calls _safeMint before updating profileToToken, allowing a malicious contract to re-enter mintProfile() via onERC721Received and mint a second NFT | Medium | Valid | [M-04] Reentrancy in `Soulb... | virgilbb |
| #6 | MultiSigWallet has no cancellation or timeout mechanism, permanently locking matched users' ETH if either owner refuses to cooperate | Medium | Invalid | | virgilbb |
| #7 | matchRewards() deploys MultiSigWallet but never stores or emits the address, making matched users' reward wallet undiscoverable on-chain | Low | Invalid | | virgilbb |
| #8 | likeUser() locks ETH permanently with no unlike or refund mechanism when a match never occurs | High | Valid | [H-01] After the user calls... | virgilbb |
| #9 | burnProfile() does not clear the likes mapping, leaving stale like entries that permanently lock ETH and block future match attempts | Low | Invalid | | virgilbb |
| #10 | FIXEDFEE is hardcoded as immutable with no setter, preventing the owner from adjusting the fee rate after deployment | Low | Invalid | | virgilbb |