Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: high
Valid

The owner might inadvertently provide the proxy address of a different salt.

Summary

distributeByOwner derives a salt from (organizer, contestId, implementation) and checks that the contest behind that salt is registered and expired, but it never verifies that the proxy argument is the proxy that salt maps to, so the owner can run the distribution against the wrong proxy.

Vulnerability Details

Vulnerable code:

function distributeByOwner(
...
) public onlyOwner {
...
bytes32 salt = _calculateSalt(organizer, contestId, implementation);
if (saltToCloseTime[salt] == 0) revert ProxyFactory__ContestIsNotRegistered();
if (saltToCloseTime[salt] + EXPIRATION_TIME > block.timestamp) revert ProxyFactory__ContestIsNotExpired();
// proxy is used exactly as supplied: nothing ties it to the salt checked above
_distribute(proxy, data);
}

Patch:

function distributeByOwner(
...
) public onlyOwner {
...
bytes32 salt = _calculateSalt(organizer, contestId, implementation);
// Check that the provided proxy address matches the proxy address derived from the salt and implementation
require(proxy == getProxyAddress(salt, implementation), "salt not matched with input proxy");
...
_distribute(proxy, data);
}

The vulnerability stems from the original code never checking that the supplied proxy is the proxy derived from the salt and implementation. _calculateSalt and the saltToCloseTime checks constrain only the (organizer, contestId, implementation) triple, while _distribute acts on whatever proxy address the caller passed. The owner can therefore, by mistake, pass a proxy that belongs to a different contest, and the distribution then runs against a proxy that the registration and expiration checks never examined. The outcome can be erroneous token transfers out of that proxy, or other actions the owner did not intend.

Impact

A mistakenly passed proxy address belongs to a different salt, so it is not necessarily expired according to the saltToCloseTime logic. If that proxy is still active and holds funds, distributing from it can cause a loss of funds.

In addition, the checks still pass for the expired contest identified by the salt, so its funds can end up distributed through a proxy other than its own.

Severity: Medium

Impact: High

Likelihood: Low

Tools Used

Recommendations

distributeByOwner should cross-check its input by calling getProxyAddress(salt, implementation) and reverting when the result does not equal the supplied proxy, so that the expiration checks and the distribution target always refer to the same contest.
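As an added example (not the Sparkn/CodeFox code), the minimal factory below shows why the cross-check described in the Vulnerability Details and in the recommendation is possible and how it reads in context. When proxies are EIP-1167 clones deployed with CREATE2, the proxy address is a pure function of the factory address, the salt and the implementation, so distributeByOwner can recompute it and refuse any proxy argument that does not match. The salt formula, the EXPIRATION_TIME value, the setContest/deployProxy helpers and the ProxyFactory__ProxyAddressMismatch error are assumptions made for this illustration, not the project's own code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added example, not the Sparkn ProxyFactory. Assumptions: proxies are EIP-1167
// minimal clones created with CREATE2 (the scheme OpenZeppelin Clones uses),
// the salt is keccak256(abi.encode(organizer, contestId, implementation)),
// and a contest counts as expired EXPIRATION_TIME after its close time.
contract SaltBoundFactory {
    error ProxyFactory__ContestIsNotRegistered();
    error ProxyFactory__ContestIsNotExpired();
    error ProxyFactory__ProxyAddressMismatch(); // assumed error name for the new check

    uint256 public constant EXPIRATION_TIME = 30 days; // assumed value
    address public immutable owner;
    mapping(bytes32 => uint256) public saltToCloseTime;

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function _calculateSalt(address organizer, bytes32 contestId, address implementation)
        internal pure returns (bytes32)
    {
        return keccak256(abi.encode(organizer, contestId, implementation));
    }

    // Creation code of an EIP-1167 minimal proxy that delegates to `implementation`.
    function _cloneInitCode(address implementation) internal pure returns (bytes memory) {
        return abi.encodePacked(
            hex"3d602d80600a3d3981f3363d3d373d3d3d363d73",
            implementation,
            hex"5af43d82803e903d91602b57fd5bf3"
        );
    }

    // CREATE2 derivation: keccak256(0xff ++ deployer ++ salt ++ keccak256(initCode))[12:].
    // Because initCode embeds the implementation, (salt, implementation) fixes the address.
    function getProxyAddress(bytes32 salt, address implementation) public view returns (address) {
        bytes32 hash = keccak256(
            abi.encodePacked(bytes1(0xff), address(this), salt, keccak256(_cloneInitCode(implementation)))
        );
        return address(uint160(uint256(hash)));
    }

    // Registers a contest by storing its close time under the salt (helper assumed for the example).
    function setContest(address organizer, bytes32 contestId, address implementation, uint256 closeTime)
        external onlyOwner
    {
        saltToCloseTime[_calculateSalt(organizer, contestId, implementation)] = closeTime;
    }

    // Deploys the clone with CREATE2 and asserts that it lands on the predicted address.
    function deployProxy(address organizer, bytes32 contestId, address implementation)
        external onlyOwner returns (address proxy)
    {
        bytes32 salt = _calculateSalt(organizer, contestId, implementation);
        bytes memory code = _cloneInitCode(implementation);
        assembly {
            proxy := create2(0, add(code, 0x20), mload(code), salt)
        }
        require(proxy != address(0), "create2 failed");
        assert(proxy == getProxyAddress(salt, implementation));
    }

    // Hardened distributeByOwner: the vulnerable version is this function without the
    // mismatch check, so any proxy address the owner passed would be called.
    function distributeByOwner(
        address proxy,
        address organizer,
        bytes32 contestId,
        address implementation,
        bytes calldata data
    ) external onlyOwner {
        bytes32 salt = _calculateSalt(organizer, contestId, implementation);
        if (saltToCloseTime[salt] == 0) revert ProxyFactory__ContestIsNotRegistered();
        if (saltToCloseTime[salt] + EXPIRATION_TIME > block.timestamp) revert ProxyFactory__ContestIsNotExpired();
        // The expiration checks above only prove facts about the contest behind `salt`;
        // this check ties the proxy we are about to call to that same contest.
        if (proxy != getProxyAddress(salt, implementation)) revert ProxyFactory__ProxyAddressMismatch();
        _distribute(proxy, data);
    }

    function _distribute(address proxy, bytes calldata data) internal {
        (bool ok, ) = proxy.call(data);
        require(ok, "distribute failed");
    }
}
```

deployProxy asserts that the CREATE2 result equals getProxyAddress, which is the same derivation that Clones.predictDeterministicAddress performs, so the check in distributeByOwner rejects exactly those proxies that were not created for the given (organizer, contestId, implementation). A custom error is used here instead of the require string from the patch above only to match the factory's other errors; either form closes the issue.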
