Sparkn

CodeFox Inc.

DeFiFoundryProxy

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Malicious Organizer can distribute prizes to their own people as their no data of winners on-chain.

shikhar229169

Summary

As the data of winners is not stored on-chain, so there is a high risk of malicious organizers being in the protocol and can betray the winners and send all the winnings to their own people.

Vulnerability Details

This is a high vulnerability as it involves getting the data from any off-chain source for which we don't have any proof.

Impact

It will have a negative impact on the reputation of our protocol.

Tools Used

Manual Testing

Recommendations

Also we can make the organizer to stake on the ProxyFactory contract with some amount and only after verification by the officials of Sparkn protocol that the winners are genuine, we can refund the staked amount of organizer to them.
We can involve zk-proof to verify the identity of the organizer and then only allow them to set up their contest.
We should not trust anyone, always verify.

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

194

77 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!