Sparkn

CodeFox Inc.
DeFi, Foundry, Proxy
15,000 USDC
Submission Details
Severity: medium

Arrays not checked for duplicates

Summary

Arrays not checked for duplicates

Vulnerability Details

Some functions take arrays of addresses as arguments and do not check whether the addresses are duplicated before using them in function logic. Consider the following examples:

ProxyFactory.sol line 81: address[] memory _whitelistedTokens is not checked for the same token being whitelisted more than once.

Distributor.sol line 92: address[] memory winners is not checked for a duplicated winner.

Impact

For the token whitelist case, the owner could mistakenly whitelist [USDT, USDT] when the intention was to whitelist [USDT, USDC], having communicated to stakeholders that the tokens for funding and payments are USDC and USDT. Because of the duplicate, that will not be the case: any whitelist check for the missing token (USDC in the example above) fails, e.g.
if (!_isWhiteListed(token)) {revert Distributor__InvalidTokenAddress();}
so the protocol does not work as expected.

For the winners case, one winner can be paid twice while another winner is missed and not paid at all. For example, if the intended array was winners = [0xAA, 0xAB] but the entries are [0xAA, 0xAA], then 0xAA is paid twice and 0xAB is not paid.

Tools Used

Manual Analysis

Recommendations

It is recommended that, wherever an array must not contain duplicates, each value is checked against those already seen before it is used in function logic, to avoid the errors described above. One option is a mapping that records existence, as in the example below; any other suitable duplicate check also works.

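// Keyed by address, since the array elements are addresses.
// Note: this mapping lives in storage, so entries persist across calls.
mapping(address => bool) public exists;

function doSomethingWithArray(address[] memory _adds /* , ... */) public {
    for (uint256 i = 0; i < _adds.length; i++) {
        // Revert if this address was already seen.
        require(!exists[_adds[i]], "...");
        // ... doSomething(...)
        exists[_adds[i]] = true;
    }
}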
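
As an added example (not code from this submission or from the audited project), here are two ways to reject duplicates without a storage mapping, so the check carries no state from one call to the next. The contract, function and error names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Added illustration; all names here are hypothetical and not taken
/// from ProxyFactory.sol or Distributor.sol.
contract UniqueAddressCheck {
    error DuplicateAddress(address dup);
    error NotStrictlyAscending(uint256 index);

    /// O(n^2) pairwise comparison done entirely in memory.
    /// No storage writes, so a later call with the same addresses is
    /// unaffected. Reasonable for short lists such as a token whitelist.
    function requireUnique(address[] memory addrs) public pure {
        uint256 n = addrs.length;
        for (uint256 i = 0; i < n; i++) {
            for (uint256 j = i + 1; j < n; j++) {
                if (addrs[i] == addrs[j]) revert DuplicateAddress(addrs[i]);
            }
        }
    }

    /// O(n) alternative for longer lists such as winners: the caller
    /// sorts the array off-chain and the contract enforces strictly
    /// ascending order, which also rules out any repeated entry.
    function requireStrictlyAscending(address[] memory addrs) public pure {
        for (uint256 i = 1; i < addrs.length; i++) {
            if (addrs[i - 1] >= addrs[i]) revert NotStrictlyAscending(i);
        }
    }
}
```

With the winners input [0xAA, 0xAA] from the Impact section, requireUnique reverts with DuplicateAddress(0xAA) and requireStrictlyAscending reverts with NotStrictlyAscending(1), so the call fails before any payout logic runs.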
