Competitive Audits
First Flights
Leaderboard
Docs
Toggle theme
Sign up
Log in
All First Flights
Snowman Merkle Airdrop
Submissions
AI First Flight
Snowman Merkle Airdrop
AI First Flight #10
Beginner Friendly
Foundry
Solidity
NFT
EXP
AI First Flight
EXP
Apr 2nd, 2026 → Apr 3rd, 2026
View repo
View results
9 / 9
Submissions
Severity
Validity
Tags
Author
#1
Snowman::mintSnowman` has no access control, allowing anyone to mint unlimited NFTs
High
Valid
[H-01] Unrestricted NFT Min...
alvap
#2
EIP-712 `MESSAGE_TYPEHASH` contains a typo: `"addres"` instead of `"address"`, and includes non-standard spaces
High
Valid
[H-02] Unconsistent `MESSAG...
alvap
#3
`s_hasClaimedSnowman` mapping is written but never checked, allowing users to claim multiple times
Low
Valid
[L-01] Missing Claim Status...
alvap
#4
`Snow::earnSnow` uses a global `s_earnTimer`, causing one user's action to lock out all other users for a week
Low
Valid
[L-02] Global Timer Reset i...
alvap
#5
`SnowmanAirdrop::claimSnowman` uses live `balanceOf` for both Merkle leaf and transfer amount, making the claim fragile and exploitable
Medium
Valid
[M-01] DoS to a user trying...
alvap
#6
`Snow::buySnow` allows ETH to be sent alongside WETH payments, permanently locking the excess ETH
Medium
Invalid
alvap
#7
`Snow::collectFee` uses unsafe `transfer` instead of `safeTransfer` for WETH, ignoring the return value
Medium
Invalid
alvap
#8
`Snowman::mintSnowman` mints NFTs in an unbounded loop using `_safeMint`, creating a DoS risk and potential reentrancy vector
Medium
Invalid
alvap
#9
`Snow::buySnow` resets the global `s_earnTimer`, coupling buying and earning cooldowns
Low
Valid
[L-02] Global Timer Reset i...
alvap
Previous
1
Next
Support
FAQs
Can't find an answer? Chat with us on Discord, Twitter or Linkedin.
What is Cyfrin CodeHawks?
What is a competitive audit?
How can I host a competition on CodeHawks?
How is a contest prize pool determined?
How do I get rewarded?
What is a First Flight?
Give us feedback!
