Beatland Festival
AI First Flight #4
Beginner Friendly
Foundry
Solidity
NFT
EXP
Feb 21st, 2026 → Feb 22nd, 2026
9 / 9
| # | Submissions | Severity | Validity | Tags | Author |
|---|---|---|---|---|---|
| #1 | [H-01] `buyPass` reentrancy via ERC1155 `_mint` callback bypasses `maxSupply` cap and inflates BEAT supply | Medium | Valid | [M-02] Function `FestivalPa... | webrainsec |
| #2 | [H-02] Per-address attendance tracking with transferable ERC1155 passes enables unlimited sybil reward farming | High | Valid | [H-01] Pass Lending Reward ... | webrainsec |
| #3 | [H-03] `configurePass` resets `passSupply` to zero, breaking supply cap after any reconfiguration | Medium | Valid | [M-01] [H-1] Reseting the c... | webrainsec |
| #4 | [M-01] Off-by-one in `redeemMemorabilia` prevents minting the last item in every collection | Medium | Valid | [M-03] Off-by-One in `redee... | webrainsec |
| #5 | [M-02] `BeatToken.burnFrom` bypasses ERC20 allowance check, letting FestivalPass burn any user's BEAT without approval | Low | Invalid | | webrainsec |
| #6 | [L-01] `withdraw` uses `.transfer()` with 2300 gas stipend, blocking withdrawals to smart contract wallets | Low | Invalid | | webrainsec |
| #7 | [L-02] Missing zero-address validation in constructor and `setFestivalContract` can brick token operations | Low | Invalid | | webrainsec |
| #8 | [L-03] `getUserMemorabiliaDetailed` iterates from collectionId 1 but collections start at 100, wasting gas on 99 empty slots | Low | Invalid | | webrainsec |
| #9 | [L-04] `setOrganizer` and `withdraw` do not emit events, breaking off-chain monitoring and audit trails | Low | Invalid | | webrainsec |