Competitive Audits
First Flights
Leaderboard
Docs
Toggle theme
Sign up
Log in
All First Flights
Santa's List
Submissions
AI First Flight
Santa's List
AI First Flight #3
Beginner Friendly
Foundry
EXP
AI First Flight
EXP
Apr 6th, 2026 → Apr 13th, 2026
View repo
View results
6 / 6
Submissions
Severity
Validity
Tags
Author
#1
`SantaList::checkList` is missing `onlySanta` modifier, allowing anybody to set any address's status
High
Valid
[H-01] Anyone is able to ca...
phylax
#2
Hardcoded backdoor in ERC20::transferFrom allows 0x815F...AF17 to steal any user's SantaTokens without approval
High
Valid
[H-05] Malicious Code Injec...
phylax
#3
SantasList::buyPresent burns tokens from the receiver instead of the caller and mints the NFT to the caller instead of the receiver
High
Valid
[H-03] SantasList::buyPrese...
phylax
#4
Solidity default enum value of 0 maps to Status.NICE, allowing any unchecked address to collect presents
High
Valid
[H-02] All addresses are co...
phylax
#5
SantasList::buyPresent burns 1e18 SantaTokens instead of the intended 2e18 (PURCHASED_PRESENT_COST)
Medium
Valid
[M-01] Cost to buy NFT via ...
phylax
#6
Solidity pragma version mismatch between protocol (0.8.22) and OpenZeppelin ERC721 dependency (^0.8.24) prevents compilation
Low
Invalid
phylax
Previous
1
Next
Support
FAQs
Can't find an answer? Chat with us on Discord, Twitter or Linkedin.
What is Cyfrin CodeHawks?
What is a competitive audit?
How can I host a competition on CodeHawks?
How is a contest prize pool determined?
How do I get rewarded?
What is a First Flight?
Give us feedback!
