Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: medium
Valid

The organizer can scam winners and withhold the funds he has to send

Summary

This report highlights a critical vulnerability within the current system used for organizing contests or events. The vulnerability revolves around the potential for organizers to exploit their position by scamming legitimate winners and withholding the funds or rewards that are rightfully due to them.

Vulnerability Details

The vulnerability stems from the organizer's ability to control the selection of winners and the associated prize distribution. In essence, the organizer holds the power to designate certain addresses as winners. This control over the winner selection process opens the door to a malicious scenario where the organizer could dishonestly declare their own controlled addresses as winners, allowing them to siphon off funds or rewards without anyone's knowledge.

Impact

The organizer can scam winners and withhold the funds that he has to send.

Tools Used

Manual Review

Recommendations

Implement a decentralized winner selection process that involves multiple parties, such as an impartial committee or randomly selected validators. This prevents a single organizer from having sole control over the winner selection, reducing the risk of manipulation.
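One way to express this recommendation in a contract, as an added sketch that is not Sparkn's code: the organizer can only pay out a winner list whose hash a threshold of committee members has approved. All names are hypothetical, and it assumes a fixed committee known at deployment, shares given in basis points, and a token whose `transfer` returns a bool.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration; every name here is hypothetical, not Sparkn's code.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address who) external view returns (uint256);
}

contract CommitteeGatedPayout {
    uint256 private constant BPS = 10_000; // shares are in basis points
    IERC20 public immutable token;
    address public immutable organizer;
    uint256 public immutable threshold; // approvals needed before payout
    bool public paid;
    mapping(address => bool) public isMember;
    mapping(bytes32 => uint256) public approvals;
    mapping(bytes32 => mapping(address => bool)) public approvedBy;

    constructor(IERC20 _token, address[] memory members, uint256 _threshold) {
        require(_threshold > 0 && _threshold <= members.length, "bad threshold");
        token = _token;
        organizer = msg.sender;
        threshold = _threshold;
        for (uint256 i = 0; i < members.length; i++) {
            // The organizer may not sit on the committee, and no seat counts twice.
            require(members[i] != msg.sender && !isMember[members[i]], "bad member");
            isMember[members[i]] = true;
        }
    }

    // Committee members approve one exact (winners, shares) list by its hash.
    function approve(bytes32 listHash) external {
        require(isMember[msg.sender] && !approvedBy[listHash][msg.sender], "cannot approve");
        approvedBy[listHash][msg.sender] = true;
        approvals[listHash] += 1;
    }

    // The organizer triggers payout, but only for a list the committee approved.
    function distribute(address[] calldata winners, uint256[] calldata bps) external {
        require(msg.sender == organizer && !paid, "not allowed");
        require(winners.length == bps.length, "length mismatch");
        bytes32 listHash = keccak256(abi.encode(winners, bps));
        require(approvals[listHash] >= threshold, "list not approved");
        paid = true;
        uint256 total = token.balanceOf(address(this));
        uint256 sum;
        for (uint256 i = 0; i < winners.length; i++) {
            sum += bps[i];
            require(token.transfer(winners[i], (total * bps[i]) / BPS), "transfer failed");
        }
        require(sum == BPS, "shares must total 100%"); // reverts the whole payout otherwise
    }
}
```

Because the approval is bound to the hash of the full list, changing any winner address or share after approval makes `distribute` revert.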
