Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
View results
Submission Details
Severity: medium

Premature Contest Closure via `setContest` Function

Summary

The setContest function in the ProxyFactory contract has the potential to allow the owner to inadvertently close contests prematurely by providing a closeTime in the past. This can lead to contests being considered closed before they even start.

Vulnerability Details

The setContest function is designed to allow the contract owner to set properties for a new contest. One of the properties that can be set is the closeTime, which specifies when the contest is scheduled to close. However, the function includes a condition that checks whether the provided closeTime is within a valid range:

if (closeTime > block.timestamp + MAX_CONTEST_PERIOD || closeTime < block.timestamp) {
revert ProxyFactory__CloseTimeNotInRange();
}

The condition includes two parts: one that checks if the closeTime is greater than the current block's timestamp plus a predefined maximum contest period (MAX_CONTEST_PERIOD), and another that checks if the closeTime is less than the current block's timestamp.

If the condition closeTime < block.timestamp evaluates to true, the function reverts with the ProxyFactory__CloseTimeNotInRange error. This effectively prevents contests from being registered with a closeTime in the past.

Impact

The impact of this issue is that the contract owner could mistakenly input a closeTime for a contest that has already passed. As a result, the contest will be considered closed prematurely, even though it hasn't started yet. This can lead to confusion, inaccurate contest registration, and a disruption of the intended contest schedule.

Tools Used

Manual

Recommendations

Check that the provided closeTime is greater than the current block's timestamp to ensure that contests are registered for future dates.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.