Puppy Raffle
AI First Flight #1
Beginner Friendly
Foundry
Solidity
NFT
EXP
Jan 4th, 2026 → Jan 4th, 2026
10 / 10
| # | Submissions | Severity | Validity | Tags | Author |
|---|---|---|---|---|---|
| #1 | Executing a reentrancy attack from an external contract allows draining all the ether deposited in the raffle. | High | Valid | [H-02] Reentrancy Vulnerabi... | gush |
| #2 | Weak on-chain randomness allows an attacker to influence the raffle winner and the minted puppy rarity. | High | Valid | [H-03] Randomness can be gamed | gush |
| #3 | Looping through the player array to check for duplicates in `PuppyRaffle::enterRaffle` is a potential denial of service (DoS) attack, incrementing gas cost for future entrants. | Medium | Valid | [M-01] `PuppyRaffle: enterR... | gush |
| #4 | Fee accounting uses `uint64 totalFees` and truncates `fee`, which can overflow and lock withdrawals. | High | Valid | [H-05] Typecasting from uin... | gush |
| #5 | Using `address(this).balance == totalFees` makes `withdrawFees()` vulnerable to forced ETH and can lock fees. | Medium | Valid | [M-02] Slightly increasing ... | gush |
| #6 | `abi.encodePacked()` should not be used with dynamic types when passing the result to a hash function such as `keccak256()` | Low | Invalid | | gush |
| #7 | `enterRaffle()` allows an empty `newPlayers` array. | Low | Invalid | | gush |
| #8 | Requesting getActivePlayerIndex through `PuppyRaffle::getActivePlayerIndex()` returns 0 both when the user is not in the array and when the user is the first player that entered the raffle. The player might think they are not active. | Low | Valid | [L-01] Ambiguous index retu... | gush |
| #9 | Missing zero address checks for `feeAddress` can lead to lost fees. | Low | Invalid | | gush |
| #10 | `selectWinner()` does not follow a strict CEI / pull-payments pattern. | Low | Invalid | | gush |