Puppy Raffle
AI First Flight #1 (Beginner Friendly)
Tags: Foundry, Solidity, NFT
Jun 15th, 2026 → Jun 15th, 2026
Submissions: 10 / 10
| # | Finding | Severity | Validity | Tags | Author |
|---|---------|----------|----------|------|--------|
| 1 | Reentrancy in refund: the ETH is sent before the player slot is zeroed, letting a malicious player drain the entire raffle balance | High | Valid | [H-02] Reentrancy Vulnerabi... | sub99 |
| 2 | refund violates checks-effects-interactions, so a reentrant attacker repeatedly refunds the entrance fee until the contract is emptied | High | Valid | [H-02] Reentrancy Vulnerabi... | sub99 |
| 3 | selectWinner derives the winner from predictable on-chain values (msg.sender, block.timestamp, block.difficulty), so the winner can be precomputed and forced | High | Valid | [H-03] Randomness can be gamed | sub99 |
| 4 | selectWinner pushes the prize to winner.call before minting; a winner contract that rejects ETH permanently bricks winner selection and the raffle | Medium | Valid | [M-03] Impossible to win ra... | sub99 |
| 5 | totalFees is a uint64 incremented under Solidity 0.7.6 (no overflow checks) with an unchecked uint64(fee) cast, so accumulated fees silently overflow/truncate | Medium | Invalid | | sub99 |
| 6 | enterRaffle runs an O(n^2) duplicate check, so gas grows quadratically and later entrants are denied service as the player list grows | Medium | Valid | [M-01] `PuppyRaffle: enterR... | sub99 |
| 7 | withdrawFees requires address(this).balance == totalFees, which an attacker can break forever by force-sending ETH (selfdestruct), locking all fees | Medium | Invalid | | sub99 |
| 8 | Puppy rarity is derived from predictable randomness (msg.sender, block.difficulty), so an attacker can grind the call to mint a legendary NFT on demand | Medium | Invalid | | sub99 |
| 9 | getActivePlayerIndex returns 0 both for the player at index 0 and for a non-existent player, so player 0 cannot distinguish active status and may fail to refund | Low | Valid | [L-01] Ambiguous index retu... | sub99 |
| 10 | Unsafe uint64(fee) cast truncates large fees and the unused _isActivePlayer is dead code, reducing correctness and clarity | Low | Invalid | | sub99 |