The setContest
function in the ProxyFactory
contract has the potential to allow the owner to inadvertently close contests prematurely by providing a closeTime
in the past. This can lead to contests being considered closed before they even start.
The setContest
function is designed to allow the contract owner to set properties for a new contest. One of the properties that can be set is the closeTime
, which specifies when the contest is scheduled to close. However, the function includes a condition that checks whether the provided closeTime
is within a valid range:
The condition includes two parts: one that checks if the closeTime
is greater than the current block's timestamp plus a predefined maximum contest period (MAX_CONTEST_PERIOD
), and another that checks if the closeTime
is less than the current block's timestamp.
If the condition closeTime < block.timestamp
evaluates to true, the function reverts with the ProxyFactory__CloseTimeNotInRange
error. This effectively prevents contests from being registered with a closeTime
in the past.
The impact of this issue is that the contract owner could mistakenly input a closeTime for a contest that has already passed. As a result, the contest will be considered closed prematurely, even though it hasn't started yet. This can lead to confusion, inaccurate contest registration, and a disruption of the intended contest schedule.
Manual
Check that the provided closeTime
is greater than the current block's timestamp to ensure that contests are registered for future dates.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.