Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: high

Sponsors can fund in any ERC20 token, but the winnings are distributed from only one particular ERC20 token address.

Summary

  • Sponsors are currently allowed to fund the contest in any token, whether it is whitelisted or not. Sponsors should instead be restricted to funding in the whitelisted token only.

  • Even when a sponsor funds in a whitelisted token, the prize distribution at the end pays winners from only one particular token, so every other whitelisted token the sponsor funded in remains unused. This leads to an accumulation of tokens funded by the organizer in the proxy. There is an owner-only method for returning wrongly sent sponsor funds to their respective owners, but that misses the point: why accept the tokens at all if they are not whitelisted? (Prevention is better than cure.)

Vulnerability Details

This is a high-severity vulnerability because it can lead to wastage of the funds sent by the organizer.

Impact

High impact on the protocol.

Tools Used

Manual Testing

Recommendations

  • The organizer should set the token in which they want to distribute prizes to the winners, and sponsors should be allowed to fund in that particular token only.

  • If instead prizes were distributed to winners in some rounds on the basis of whichever tokens the funding was received in, the result would be an unfair and inconsistent distribution of prizes among the winners.

  • To solve this, the Proxy contract can be deployed at the start of the contest, and the implementation can define a function that manages the funding received from sponsors and accepts only the whitelisted token selected by the organizer.
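The following is an added illustration of the recommended pattern, written for this page and not taken from Sparkn's own Proxy or Distributor code. The contract name `PrizePool`, the `fund`/`distribute` functions and the basis-point share scheme are hypothetical; it assumes OpenZeppelin's `IERC20` and `SafeERC20`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Illustrative contest pool (hypothetical, not Sparkn's Proxy/Distributor).
/// The organizer fixes the prize token at deployment; sponsors may only fund
/// in that token, so no unrelated ERC20 balance can accumulate in the pool.
contract PrizePool {
    using SafeERC20 for IERC20;
    address public immutable organizer;
    IERC20 public immutable prizeToken;   // chosen by the organizer up front
    uint256 public constant BASIS_POINTS = 10_000;

    error TokenNotAllowed(address token);
    error NotOrganizer();
    error BadShares();

    constructor(address _organizer, IERC20 _prizeToken) {
        organizer = _organizer;
        prizeToken = _prizeToken;
    }

    /// Weak pattern (what the report objects to): accepting any ERC20 means
    /// tokens other than prizeToken sit idle in the pool and are never paid out.
    ///   function fund(address token, uint256 amount) external {
    ///       IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
    ///   }

    /// Hardened: the sponsor names a token, but only the organizer's choice passes.
    function fund(address token, uint256 amount) external {
        if (token != address(prizeToken)) revert TokenNotAllowed(token);
        prizeToken.safeTransferFrom(msg.sender, address(this), amount);
    }

    /// Pay winners from the whole prizeToken balance by basis-point shares.
    function distribute(address[] calldata winners, uint256[] calldata sharesBps) external {
        if (msg.sender != organizer) revert NotOrganizer();
        if (winners.length != sharesBps.length) revert BadShares();
        uint256 total;
        for (uint256 i = 0; i < sharesBps.length; i++) total += sharesBps[i];
        if (total != BASIS_POINTS) revert BadShares();
        uint256 pool = prizeToken.balanceOf(address(this));
        for (uint256 i = 0; i < winners.length; i++) {
            prizeToken.safeTransfer(winners[i], pool * sharesBps[i] / BASIS_POINTS);
        }
    }
}
```

Because `fund` rejects every token except `prizeToken`, the only way a foreign ERC20 can reach the pool is a direct transfer, which is the sole case the owner-only recovery path still needs to cover.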
