Possibility of arbitrary execution by low-level call.
The _deployProxyAndDistribute
function and others call the _distribute function.
The _distribute
function makes a low-level call to the function specified by implemention with the data argument.
The salts required for execution are registered by the onlyOwner setContest
function, which is assumed to be basically safe, but if it is slipped through, arbitrary functions can be executed.
Calling any function of any contract with ProxyFactory as msg.sender.
Manual Review
Whitelisting of implemention addresses.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.