Competitive Audits
First Flights
Leaderboard
Docs
Toggle theme
Sign up
Log in
All First Flights
Snowman Merkle Airdrop
Submissions
AI First Flight
Snowman Merkle Airdrop
AI First Flight #10
Beginner Friendly
Foundry
Solidity
NFT
EXP
AI First Flight
EXP
Jun 11th, 2026 → Jun 11th, 2026
View repo
View results
7 / 7
Submissions
Severity
Validity
Tags
Author
#1
`Snowman::mintSnowman` lacks access control, allowing anyone to mint unlimited NFTs for free and bypass the entire airdrop
High
Valid
[H-01] Unrestricted NFT Min...
gondar
#2
`SnowmanAirdrop::claimSnowman` builds the Merkle leaf from live `balanceOf`, permanently locking out any eligible user whose balance changes after the snapshot
Medium
Valid
[M-01] DoS to a user trying...
gondar
#3
`SnowmanAirdrop::claimSnowman` writes `s_hasClaimedSnowman` but never checks it, letting whitelisted users claim repeatedly
Low
Valid
[L-01] Missing Claim Status...
gondar
#4
`Snow::s_earnTimer` is a single global variable instead of per-user, so one earner DoS's weekly farming for every other user
Low
Valid
[L-02] Global Timer Reset i...
gondar
#5
Malformed EIP-712 `MESSAGE_TYPEHASH` in `SnowmanAirdrop` breaks "claim on behalf" for every standard signer
High
Valid
[H-02] Unconsistent `MESSAG...
gondar
#6
`Snow::buySnow` strands ETH and double-charges in WETH when `msg.value` is not exactly the price
Low
Invalid
gondar
#7
`Snow::collectFee` uses an unchecked `i_weth.transfer`, ignoring the return value despite importing SafeERC20
Low
Invalid
gondar
Previous
1
Next
Support
FAQs
Can't find an answer? Chat with us on Discord, Twitter or Linkedin.
What is Cyfrin CodeHawks?
What is a competitive audit?
How can I host a competition on CodeHawks?
How is a contest prize pool determined?
How do I get rewarded?
What is a First Flight?
Give us feedback!
