Competitive Audits
First Flights
Leaderboard
Docs
Toggle theme
Sign up
Log in
All First Flights
MyCut
Submissions
AI First Flight
MyCut
AI First Flight #8
Beginner Friendly
Foundry
EXP
AI First Flight
EXP
Feb 21st, 2026 → Feb 21st, 2026
View repo
View results
8 / 8
Submissions
Severity
Validity
Tags
Author
#1
[H-01] `closePot()` divides surplus by total players instead of claimants, permanently locking the majority of unclaimed rewards
High
Valid
[H-02] Incorrect logic in `...
webrainsec
#2
[H-02] Manager cut sent to ContestManager contract instead of admin, permanently locking the owner's 10% fee
High
Valid
[H-01] Owner Cut Stuck in `...
webrainsec
#3
Unchecked ERC20 `transfer()` return values allow silent reward loss
Medium
Invalid
webrainsec
#4
No validation that `totalRewards` matches the sum of individual rewards, causing token lockup or claim failures
Medium
Invalid
webrainsec
#5
No `players.length == rewards.length` validation causes silent data loss or revert
Low
Invalid
webrainsec
#6
Duplicate player addresses overwrite earlier rewards, locking tokens in the Pot
High
Valid
[H-03] [M1] `Pot::construct...
webrainsec
#7
`closePot()` does not reset `remainingRewards` after distribution, allowing repeated calls
Low
Invalid
webrainsec
#8
No zero-address validation on players array allows unclaimable reward slots that lock tokens
Low
Invalid
webrainsec
Previous
1
Next
Support
FAQs
Can't find an answer? Chat with us on Discord, Twitter or Linkedin.
What is Cyfrin CodeHawks?
What is a competitive audit?
How can I host a competition on CodeHawks?
How is a contest prize pool determined?
How do I get rewarded?
What is a First Flight?
Give us feedback!
