Competitive Audits
First Flights
Leaderboard
Docs
Toggle theme
Sign up
Log in
All First Flights
Snowman Merkle Airdrop
Submissions
AI First Flight
Snowman Merkle Airdrop
AI First Flight #10
Beginner Friendly
Foundry
Solidity
NFT
EXP
AI First Flight
EXP
Mar 16th, 2026 → Mar 16th, 2026
View repo
View results
10 / 10
Submissions
Severity
Validity
Tags
Author
#1
`Snowman::mintSnowman` has no access control - anyone can mint unlimited NFTs
High
Valid
[H-01] Unrestricted NFT Min...
cymans
#2
`Snow::s_earnTimer` is global instead of per-user - one user blocks all others from earning
Low
Valid
[L-02] Global Timer Reset i...
cymans
#3
`MESSAGE_TYPEHASH` has typo "addres" - EIP-712 signature verification is broken
High
Valid
[H-02] Unconsistent `MESSAG...
cymans
#4
`Snow::buySnow` allows `amount = 0` enabling free griefing of global earn timer
Low
Valid
[L-02] Global Timer Reset i...
cymans
#5
`SnowmanAirdrop::s_claimers` array is declared but never populated
Low
Invalid
cymans
#6
`Snow::collectFee` uses unchecked `transfer` instead of `safeTransfer` for WETH
Low
Invalid
cymans
#7
`SnowmanAirdrop::s_hasClaimedSnowman` is set but never checked - no double-claim prevention
Low
Valid
[L-01] Missing Claim Status...
cymans
#8
`Snow::buySnow` - ETH sent with mismatched fee is not refunded, user loses ETH and also pays WETH
Low
Invalid
cymans
#9
`Snow::earnSnow` does not emit the declared `SnowEarned` event
Low
Invalid
cymans
#10
`Snowman::tokenURI` contains unreachable code - `ownerOf` reverts before returning `address(0)`
Low
Invalid
cymans
Previous
1
Next
Support
FAQs
Can't find an answer? Chat with us on Discord, Twitter or Linkedin.
What is Cyfrin CodeHawks?
What is a competitive audit?
How can I host a competition on CodeHawks?
How is a contest prize pool determined?
How do I get rewarded?
What is a First Flight?
Give us feedback!
