diff --git a/audit-reports/preliminary-audits/airdroperc20-claimable.md b/audit-reports/preliminary-audits/airdroperc20-claimable.md
new file mode 100644
index 000000000..aa22f074b
--- /dev/null
+++ b/audit-reports/preliminary-audits/airdroperc20-claimable.md
@@ -0,0 +1,11 @@
+This document contains details on fixes / response to the preliminary audit reports added to this repository.
+
+## [AirdropERC20Claimable](./airdroperc20-claimable.pdf)
+
+### 01: Governance: TrustedForwarder can execute claims on behalf of other addresses
+
+- The contract doesn't add a trusted-forwarder address by default. The deployer of AirdropERC20Claimable can specify which forwarder they want to use (if any), or leave as address zero.
+
+### 02: Malicious users can steal the entire balance of the contract
+
+- This refers to the possibility of a sybil attack on open/public claims, where multiple wallets can be created to claim the quantity specified by `openClaimLimitPerWallet`. To prevent this scenario or any kind of public claiming, deployer can set `openClaimLimitPerWallet` to zero when setting claim conditions during deployment.
diff --git a/audit-reports/preliminary-audits/airdroperc20-claimable.pdf b/audit-reports/preliminary-audits/airdroperc20-claimable.pdf
new file mode 100644
index 000000000..64a02af70
Binary files /dev/null and b/audit-reports/preliminary-audits/airdroperc20-claimable.pdf differ