Puppy Raffle
AI First Flight #1
Beginner Friendly
Foundry
Solidity
NFT
EXP
May 31st, 2026 → Jun 1st, 2026
9 / 9
Submissions
| # | Finding | Severity | Validity | Tags | Author |
|---|---------|----------|----------|------|--------|
| 1 | Reentrancy in `refund()` allows draining all contract ETH | High | Valid | [H-02] Reentrancy Vulnerabi... | 0xj3d1 |
| 2 | Predictable on-chain randomness in `selectWinner()` allows a participant to influence or predict both the winner and the NFT rarity | High | Valid | [H-03] Randomness can be gamed | 0xj3d1 |
| 3 | `totalFees` is a `uint64` and is updated with an unchecked `uint64(fee)` cast under Solidity 0.7.6, so fee accounting silently truncates/overflows and `withdrawFees()` becomes permanently uncallable | High | Valid | [H-05] Typecasting from uin... | 0xj3d1 |
| 4 | Quadratic duplicate-address check in `enterRaffle()` makes gas cost grow with the square of the player count, eventually exceeding the block gas limit and freezing entries | Medium | Valid | [M-01] `PuppyRaffle: enterR... | 0xj3d1 |
| 5 | `selectWinner()` computes the pot from `players.length`, which still counts refunded (zeroed) slots, causing prize/fee over-accounting and allowing the prize to be sent to `address(0)` | High | Valid | [H-01] Potential Loss of Fu... | 0xj3d1 |
| 6 | `selectWinner()` uses `_safeMint`, so if the randomly selected winner is a contract that does not implement `onERC721Received`, the entire draw reverts and the raffle cannot conclude | Low | Invalid | | 0xj3d1 |
| 7 | `withdrawFees()` requires `address(this).balance == totalFees`, which an attacker can permanently break by force-sending ETH via `selfdestruct` | Low | Invalid | | 0xj3d1 |
| 8 | `getActivePlayerIndex()` returns 0 for both the first player and a non-player | Low | Valid | [L-01] Ambiguous index retu... | 0xj3d1 |
| 9 | Outdated Solidity ^0.7.6 lacks built-in overflow protection | High | Valid | [H-06] Overflow/Underflow v... | 0xj3d1 |