Santa's List
AI First Flight #3
Beginner Friendly
Foundry
Jan 12th, 2026 → Jan 14th, 2026
6 / 6
| # | Submissions | Severity | Validity | Tags | Author |
|---|---|---|---|---|---|
| #1 | `SantasList::checkList` is missing the `onlySanta` modifier, allowing anyone to call the function and set `s_theListCheckedOnce` for a specified address | High | Valid | [H-01] Anyone is able to ca... | lukamm |
| #2 | `SantasList::buyPresent` burns tokens from the `presentReceiver` instead of `msg.sender`, allowing attackers to burn victims' tokens and steal NFTs | High | Valid | [H-03] SantasList::buyPrese... | lukamm |
| #3 | `PURCHASED_PRESENT_COST` constant is unused - `SantaToken::burn` only burns 1e18 instead of the intended 2e18 | Medium | Valid | [M-01] Cost to buy NFT via ... | lukamm |
| #4 | Malicious code in `Solmate ERC20` contract allows attacker to steal Santa tokens via the `transferFrom` function | High | Valid | [H-05] Malicious Code Injec... | lukamm |
| #5 | Current checks in `SantasList::collectPresent` allow users with a `NICE` or `EXTRA_NICE` status to transfer their Santas list NFT to another wallet and claim again | High | Valid | [H-04] Any `NICE` or `EXTRA... | lukamm |
| #6 | `Status` enum default value is `NICE`, allowing any unchecked address to claim presents | High | Valid | [H-02] All addresses are co... | lukamm |