Competitive Audits
First Flights
Leaderboard
Docs
Toggle theme
Sign up
Log in
All First Flights
Thunder Loan
Submissions
AI First Flight
Thunder Loan
AI First Flight #7
Beginner Friendly
Foundry
DeFi
Oracle
EXP
AI First Flight
EXP
Jul 4th, 2026 → Jul 5th, 2026
View repo
View results
8 / 8
Submissions
Severity
Validity
Tags
Author
#1
Storage-layout collision in the upgrade corrupts the flash-loan fee from 0.3% to 100%
High
Valid
[H-01] Storage Collision du...
drak3p14159
#2
# A borrower can `deposit()` instead of `repay()` inside a flash loan and steal the pool's liquidity
High
Valid
[H-04] All the funds can be...
drak3p14159
#3
# `deposit()` inflates the exchange rate as if a fee was earned, making liquidity unredeemable
High
Valid
[H-02] Updating exchange ra...
drak3p14159
#4
Flash-loan fee is priced off a manipulable TSwap spot price, letting borrowers slash the fee they pay
Medium
Valid
[M-02] Attacker can minimiz...
drak3p14159
#5
Fee-on-transfer tokens (in-scope: USDT/STA/PAXG) make flash loans permanently revert
Medium
Invalid
drak3p14159
#6
# `initialize()` is unprotected and left uncalled by the deploy script, letting an attacker front-run it to seize ownership
Low
Invalid
drak3p14159
#7
# `getCalculatedFee` rounds down to zero for small borrows, giving free flash loans
Low
Valid
[L-01] getCalculatedFee can...
drak3p14159
#8
# `updateFlashLoanFee` permits a fee of up to 100% of the borrowed value
Low
Invalid
drak3p14159
Previous
1
Next
Support
FAQs
Can't find an answer? Chat with us on Discord, Twitter or Linkedin.
What is Cyfrin CodeHawks?
What is a competitive audit?
How can I host a competition on CodeHawks?
How is a contest prize pool determined?
How do I get rewarded?
What is a First Flight?
Give us feedback!