Santa's List
AI First Flight #3
Beginner Friendly
Foundry
EXP
May 20th, 2026 → May 20th, 2026
7 / 7
| # | Submissions | Severity | Validity | Tags | Author |
|---|---|---|---|---|---|
| #1 | Anyone is able to call `checkList` function in SantasList contract and prevent any address from becoming `NICE` or `EXTRA_NICE` and collect present. | High | Valid | [H-01] Anyone is able to ca... | patonguch |
| #2 | All addresses are considered `NICE` by default and are able to claim a NFT through `collectPresent` function before any Santa check. | High | Valid | [H-02] All addresses are co... | patonguch |
| #3 | SantasList::buyPresent burns token from presentReceiver instead of caller and also sends present to caller instead of presentReceiver. | High | Valid | [H-03] SantasList::buyPrese... | patonguch |
| #4 | Any `NICE` or `EXTRA_NICE` user is able to call `collectPresent` function multiple times. | High | Valid | [H-04] Any `NICE` or `EXTRA... | patonguch |
| #5 | Malicious Code Injection in solmate ERC20 Contract inside `transferFrom` function which is inherited in `SantaToken` | High | Valid | [H-05] Malicious Code Injec... | patonguch |
| #6 | Malicious Test potentially allowing data extraction from the user running it | High | Valid | [H-06] Malicious Test poten... | patonguch |
| #7 | Cost to buy NFT via SantasList::buyPresent is 2e18 SantaToken but it burns only 1e18 amount of SantaToken | Medium | Valid | [M-01] Cost to buy NFT via ... | patonguch |