Sparkn

CodeFox Inc.

DeFiFoundryProxy

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

transferOwnership during an open contest

kiteweb3

Summary

The owner ownership can be transferred during an open contest. The new owner address can be the organizer address of the open contest.

Vulnerability Details

Transferring the ownership to the organizer reduces the number of persons allowed to the prize distribution to one. This could cause the block of the funds of the contest. In normal conditions, if the organizer doesn't distribute the price, the owner is entitled to distribute the prize after a certain period. If the owner is the same as the organizer and he/she doesn't distribute the prize, it remains blocked in the smart contract forever.

Impact

The supports don't receive the prize and the tokens remains blocked in the smart contract.

Tools Used

Manual

Recommendations

Modify the transferOwnership adding an if statement that checks the new owner address and in case it is the same as an organizer revert the function.

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

194

77 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.