Competitive Audits
First Flights
Leaderboard
Docs
Toggle theme
Sign up
Log in
All First Flights
Snowman Merkle Airdrop
Submissions
AI First Flight
Snowman Merkle Airdrop
AI First Flight #10
Beginner Friendly
Foundry
Solidity
NFT
EXP
AI First Flight
EXP
May 24th, 2026 → May 24th, 2026
View repo
View results
8 / 8
Submissions
Severity
Validity
Tags
Author
#1
EIP-712 MESSAGE_TYPEHASH contains a typo (addres) that causes signature verification to always fail, permanently breaking claimSnowman()
High
Valid
[H-02] Unconsistent `MESSAG...
cybervikink
#2
mintSnowman() is callable by any address without restriction, allowing unlimited free NFT minting and bypassing the entire staking mechanism
High
Valid
[H-01] Unrestricted NFT Min...
cybervikink
#3
Global s_earnTimer in Snow.sol allows any user or buyer to permanently deny free Snow token minting to all other participants
Low
Valid
[L-02] Global Timer Reset i...
cybervikink
#4
buySnow() payment branching logic charges WETH in full and keeps any sent ETH when msg.value doesn't match the exact fee, causing double payment
Medium
Invalid
cybervikink
#5
Merkle leaf in claimSnowman() is computed from the receiver's live token balance rather than the snapshotted amount, making all proofs permanently invalid after any token movement
Medium
Valid
[M-01] DoS to a user trying...
cybervikink
#6
s_hasClaimedSnowman mapping is written but never read in claimSnowman(), leaving the anti-double-claim protection unenforced
Low
Valid
[L-01] Missing Claim Status...
cybervikink
#7
Snow.collectFee() calls bare .transfer() on the WETH token interface, bypassing the SafeERC20 wrapper already imported and used elsewhere
Low
Invalid
cybervikink
#8
getMessageHash() unconditionally reverts when the receiver holds zero Snow tokens, breaking the off-chain signature generation flow
Medium
Valid
[M-01] DoS to a user trying...
cybervikink
Previous
1
Next
Support
FAQs
Can't find an answer? Chat with us on Discord, Twitter or Linkedin.
What is Cyfrin CodeHawks?
What is a competitive audit?
How can I host a competition on CodeHawks?
How is a contest prize pool determined?
How do I get rewarded?
What is a First Flight?
Give us feedback!
