If there are multiple tokens for rewards in a competition, it may cause other tokens to be locked in the contract
Summary
If there are multiple tokens for rewards in a competition, it may cause other tokens to be locked in the contract
Vulnerability Details
According to the document description:
Let's imagine a scenario, if sponsors and organizers provide different token rewards for the competition, such as USDC, USDT, DAI. After the competition, the organizer needs to distribute the rewards to the winners.
However, in Distributor._distribute() function The function only allows to specify one token
So the organizer may need to call function deployProxyAndDistribute() multiple times to distribute different token rewards.However,Function _deployProxy() will be called every time function deployProxyAndDistribute() is called, but function _deployProxy() does not check whether the Proxy contract already exists. When the organizer wants to call function deployProxyAndDistribute() for the second time to distribute other token rewards, when the program executes to function _deployProxy() , an exception will be thrown due to the failure of address proxy = address(new Proxy{salt: salt}(implementation));, which will cause the function execution to fail
Impact
If there are multiple tokens for rewards in a competition, it may cause other tokens to be locked in the contract
Tools Used
vs code
Recommendations
I sugguest:
Check if the contract
Proxyhas been deployed in_deployProxy()The token parameter of
Distributor._distribute()can be changed to an array type
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.