Santa's List
AI First Flight #3
Beginner Friendly
Foundry
Feb 22nd, 2026 → Feb 22nd, 2026
7 / 7 submissions

| # | Submission | Severity | Validity | Tags | Author |
|---|---|---|---|---|---|
| 1 | [H-01] `checkList()` missing `onlySanta` modifier — anyone can manipulate the naughty/nice list | High | Valid | [H-01] Anyone is able to ca... | webrainsec |
| 2 | [H-02] `buyPresent()` burns the receiver's tokens and mints the NFT to the caller — both arguments are reversed | High | Valid | [H-03] SantasList::buyPrese... | webrainsec |
| 3 | [H-03] Default enum value `NICE` (0) lets any unchecked address collect presents | High | Valid | [H-02] All addresses are co... | webrainsec |
| 4 | [H-04] `collectPresent()` already-collected check uses transferable NFT balance — unlimited minting | High | Valid | [H-04] Any `NICE` or `EXTRA... | webrainsec |
| 5 | [H-05] Backdoor in `solmate-bad` ERC20 — hardcoded address bypasses allowance in `transferFrom` | High | Valid | [H-05] Malicious Code Injec... | webrainsec |
| 6 | [M-01] `buyPresent()` charges 1e18 SantaTokens instead of the documented `PURCHASED_PRESENT_COST` (2e18) | Medium | Valid | [M-01] Cost to buy NFT via ... | webrainsec |
| 7 | [L-01] `collectPresent()` does not check `s_theListCheckedTwice` for `NOT_CHECKED_TWICE` — single-check users collect presents | Low | Invalid | | webrainsec |