Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: medium
Valid

Organizers can rug pull sponsors and potential winners by distributing funds to their own accounts

Summary

A potential issue involves organizers having the ability to manipulate contests by diverting funds intended for rightful winners into their own accounts.

Vulnerability Details

An organizer rug pull will damage the protocol's image and reputation.

Scenario 1:
In this situation, the organizer initiates a contest, funds the contract, and garners support from participants. Upon completion, rather than paying the deserving winner, the organizer redirects the payment to their personal account. Consequently, only the efforts of the rightful winners are undermined.

Scenario 2:
This scenario is even more hazardous. The organizer commences the contest and secures funding from sponsors; participants invest their efforts with the anticipation of fair rewards. However, upon successful completion, the organizer once again diverts the payment to their personal account, resulting in a double loss: both the hard-earned rewards of the winners and the financial support from sponsors are misappropriated.

Impact

  • Rug Pull

  • Erosion of Protocol's Credibility

Tools Used

Shaheen's Vision

Recommendations

The protocol starts the contests, so it should end them as well. Don't allow organizers to distribute funds; the protocol should handle the reward distribution. Alternatively, store the winners' data on-chain.
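One way to apply the "store winners data on-chain" recommendation is sketched below. This is an added example, not Sparkn's code or part of the original submission: the contract name, the `protocol` role, and the basis-point share format are assumptions. Payouts can only go to addresses the protocol recorded, so whoever triggers distribution cannot redirect funds.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical per-contest escrow: winners are fixed on-chain before any payout.
contract CommittedWinnersDistributor {
    using SafeERC20 for IERC20;

    uint256 private constant BASIS_POINTS = 10_000;
    address public immutable protocol; // assumed protocol-controlled account, not the organizer
    IERC20 public immutable token;     // reward token held by this contract
    address[] private winners;
    uint256[] private sharesBps;
    bool public distributed;

    error NotProtocol();
    error BadState();
    error BadInput();

    constructor(address protocol_, IERC20 token_) { protocol = protocol_; token = token_; }

    /// Only the protocol may record winners, and only once.
    function setWinners(address[] calldata winners_, uint256[] calldata sharesBps_) external {
        if (msg.sender != protocol) revert NotProtocol();
        if (winners.length != 0) revert BadState();
        if (winners_.length == 0 || winners_.length != sharesBps_.length) revert BadInput();
        uint256 total;
        for (uint256 i; i < winners_.length; ++i) {
            if (winners_[i] == address(0)) revert BadInput();
            total += sharesBps_[i];
        }
        if (total != BASIS_POINTS) revert BadInput(); // shares must sum to 100%
        winners = winners_;
        sharesBps = sharesBps_;
    }

    /// Anyone may trigger the payout; recipients come from storage, not from the caller.
    function distribute() external {
        if (winners.length == 0 || distributed) revert BadState();
        distributed = true; // set before transfers so the payout cannot run twice
        uint256 balance = token.balanceOf(address(this));
        for (uint256 i; i < winners.length; ++i) {
            // Rounding dust stays in the contract in this sketch.
            token.safeTransfer(winners[i], balance * sharesBps[i] / BASIS_POINTS);
        }
    }
}
```

Because the winner list is in storage and emitted in the transaction that set it, sponsors and participants can check the recorded recipients before any funds move.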
