Competitive Audits
First Flights
Leaderboard
Docs
Toggle theme
Sign up
Log in
All First Flights
Santa's List
Submissions
AI First Flight
Santa's List
AI First Flight #3
Beginner Friendly
Foundry
EXP
AI First Flight
EXP
May 28th, 2026 → May 28th, 2026
View repo
View results
7 / 7
Submissions
Severity
Validity
Tags
Author
#1
Default Status enum value is NICE, allowing anyone to free-mint NFTs without being checked by Santa
High
Valid
[H-02] All addresses are co...
verdoolaegelouis
#2
checkList is missing the onlySanta modifier, allowing anyone to grief any user's status
High
Valid
[H-01] Anyone is able to ca...
verdoolaegelouis
#3
buyPresent burns the recipient's tokens instead of the caller's, letting anyone destroy any user's SantaToken balance
High
Valid
[H-03] SantasList::buyPrese...
verdoolaegelouis
#4
buyPresent mints the NFT to msg.sender instead of presentReceiver
High
Valid
[H-03] SantasList::buyPrese...
verdoolaegelouis
#5
buyPresent charges 1e18 instead of the documented PURCHASED_PRESENT_COST = 2e18
Medium
Valid
[M-01] Cost to buy NFT via ...
verdoolaegelouis
#6
collectPresent balance check is bypassable by transferring the NFT, allowing unlimited mints by EXTRA_NICE users
High
Valid
[H-04] Any `NICE` or `EXTRA...
verdoolaegelouis
#7
Reentrancy via _safeMint ERC721 receiver callback in collectPresent
High
Valid
[H-04] Any `NICE` or `EXTRA...
verdoolaegelouis
Previous
1
Next
Support
FAQs
Can't find an answer? Chat with us on Discord, Twitter or Linkedin.
What is Cyfrin CodeHawks?
What is a competitive audit?
How can I host a competition on CodeHawks?
How is a contest prize pool determined?
How do I get rewarded?
What is a First Flight?
Give us feedback!
