Competitive Audits
First Flights
Leaderboard
Docs
Toggle theme
Sign up
Log in
All First Flights
Santa's List
Submissions
AI First Flight
Santa's List
AI First Flight #3
Beginner Friendly
Foundry
EXP
AI First Flight
EXP
Mar 5th, 2026 → Mar 11th, 2026
View repo
View results
6 / 6
Submissions
Severity
Validity
Tags
Author
#1
Unchecked addresses can claim presents because both status mappings default to `NICE`
High
Valid
[H-02] All addresses are co...
kode_n_rolla
#2
Users can bypass the one-claim limit by transferring their NFT away and calling `collectPresent()` again
High
Valid
[H-04] Any `NICE` or `EXTRA...
kode_n_rolla
#3
`buyPresent()` lets any caller burn another user’s SantaTokens and mint the present NFT for themselves
High
Valid
[H-03] SantasList::buyPrese...
kode_n_rolla
#4
Any address can overwrite the first-pass status after Santa approval and permanently block present claims
High
Valid
[H-01] Anyone is able to ca...
kode_n_rolla
#5
Any address can front-run `checkTwice()` and force Santa’s second-pass approval to revert
High
Valid
[H-01] Anyone is able to ca...
kode_n_rolla
#6
`buyPresent()` charges only `1e18` SantaToken even though the configured purchase cost is `2e18`
Medium
Valid
[M-01] Cost to buy NFT via ...
kode_n_rolla
Previous
1
Next
Support
FAQs
Can't find an answer? Chat with us on Discord, Twitter or Linkedin.
What is Cyfrin CodeHawks?
What is a competitive audit?
How can I host a competition on CodeHawks?
How is a contest prize pool determined?
How do I get rewarded?
What is a First Flight?
Give us feedback!
