Sparkn

Summary

The setContest function is onlyOwner. And it can lead the owner to pass wrong organizer address or the implementation address and thus creating a hurdle at the end.
And also the closeTime should be greater than some value (something like a contest should be of minimum a day or defined by the owner).

Impact

Medium

Tools Used

Manual

Recommendations

• So we can make a function for the organizer which will allow them to create a request on the proxyFactory contract and currently it will be in Submitted State and once the Owner accepts it we will move it to the Approved state and then only other related functionality for that contest can be executed.

• Also, the implementation contract is being passed as a parameter, as it is a repetitive because we are only performing delegate call on the implementation so we can store that in a variable and can take it from there.

• This way we can prevent passing of wrong argument.

• And to prevent sybil attack we can use zk-proofs to only allow verified organizers.

• And for closeTime check, we can add a MIN_CONTEST_PERIOD. So we can have a check that closeTime should always be greater than or equal to (block.timestamp + MIN_CONTEST_PERIOD).