Competitive Audits
First Flights
Leaderboard
Docs
Toggle theme
Sign up
Log in
All First Flights
Snowman Merkle Airdrop
Submissions
AI First Flight
Snowman Merkle Airdrop
AI First Flight #10
Beginner Friendly
Foundry
Solidity
NFT
EXP
AI First Flight
EXP
Jun 17th, 2026 → Jun 17th, 2026
View repo
View results
8 / 8
Submissions
Severity
Validity
Tags
Author
#1
Snowman.mintSnowman has no access control — anyone can mint unlimited NFTs bypassing the airdrop
High
Valid
[H-01] Unrestricted NFT Min...
fishyyh
#2
EIP-712 MESSAGE_TYPEHASH contains typo 'addres' — standard wallet signatures always fail, third-party claim permanently broken
High
Valid
[H-02] Unconsistent `MESSAG...
fishyyh
#3
Snow.buySnow silently keeps excess ETH when WETH payment path is taken — user funds permanently lost
Medium
Invalid
fishyyh
#4
Merkle leaf computed from dynamic balanceOf instead of snapshot amount — any Snow transfer permanently DoSes legitimate claimers
Medium
Valid
[M-01] DoS to a user trying...
fishyyh
#5
SnowmanAirdrop.claimSnowman never reads s_hasClaimedSnowman — the same receiver can claim multiple times after re-acquiring Snow
Low
Valid
[L-01] Missing Claim Status...
fishyyh
#6
Snow.earnSnow mints 1 wei (1e-18 Snow) instead of 1 full token — users receive negligible weekly rewards
Medium
Invalid
fishyyh
#7
Snowman.mintSnowman iterates up to balanceOf times — large Snow balance causes out-of-gas and permanent claim failure
Medium
Invalid
fishyyh
#8
Snow.collectFee calls ERC20.transfer without checking return value — non-standard tokens silently fail
Low
Invalid
fishyyh
Previous
1
Next
Support
FAQs
Can't find an answer? Chat with us on Discord, Twitter or Linkedin.
What is Cyfrin CodeHawks?
What is a competitive audit?
How can I host a competition on CodeHawks?
How is a contest prize pool determined?
How do I get rewarded?
What is a First Flight?
Give us feedback!
