Snowman Merkle Airdrop
AI First Flight #10
Beginner Friendly
Foundry
Solidity
NFT
Jun 11th, 2026 → Jun 11th, 2026
Submissions: 10 / 10

| # | Submission | Severity | Validity | Tags | Author |
|---|---|---|---|---|---|
| 1 | `Snowman.mintSnowman` has no access control — anyone can mint unlimited NFTs to any address | High | Valid | [H-01] Unrestricted NFT Min... | ny2 |
| 2 | `Snowman.mintSnowman` violates the Checks-Effects-Interactions (CEI) pattern by incrementing `s_TokenCounter` after an external callback exposing stale token state | Low | Invalid | | ny2 |
| 3 | `Snowman::mintSnowman` performs a costly storage write to `s_TokenCounter` on every loop iteration making batch NFT minting unnecessarily expensive for users | Low | Invalid | | ny2 |
| 4 | `SnowmanAirdrop::claimSnowman` sets `s_hasClaimedSnowman` mapping but never reads it allowing unlimited repeated claims | Low | Valid | [L-01] Missing Claim Status... | ny2 |
| 5 | `SnowmanAirdrop::MESSAGE_TYPEHASH` contains typo `"addres"` instead of `"address"` breaking all standard EIP-712 signature verification | High | Valid | [H-02] Unconsistent `MESSAG... | ny2 |
| 6 | `Snow::s_earnTimer` is a single global variable instead of a per-user mapping allowing only one user to earn free Snow per week | Low | Valid | [L-02] Global Timer Reset i... | ny2 |
| 7 | `buySnow` uses strict equality for ETH check — any imprecise ETH payment permanently locks funds and also charges WETH | Medium | Invalid | | ny2 |
| 8 | `Snow::earnSnow` and `Snow::collectFee` modify state but never emit their declared `SnowEarned` and `FeeCollected` events | Low | Invalid | | ny2 |
| 9 | `SnowmanAirdrop::claimSnowman` computes Merkle leaf from live token balance instead of fixed allocation permanently locking users whose balance changed | Medium | Valid | [M-01] DoS to a user trying... | ny2 |
| 10 | `SnowmanAirdrop::claimSnowman` EIP-712 delegation signatures have no nonce or deadline making them permanently valid and irrevocable once issued | Low | Invalid | | ny2 |