Sparkn

CodeFox Inc.

DeFiFoundryProxy

15,000 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

`ProxyFactory.deployProxyAndDistribute()` does not allow organizers to immediately end their contests and distribute awards

0xDetermination

Summary

The inline comment in ProxyFactory.deployProxyAndDistribute() states "can set close time to current time and end it immediately if organizer wish". However, the protocol does not allow for this.

Vulnerability Details

Note that:

Contest close times are only set in the setContest() function
setContest() does not allow setting a contest's close time to zero
A contest's close time can only be set once due to a nonzero check in setContest(), which causes a revert if the contest's close time is nonzero
deployProxyAndDistribute() reverts if the contest's close time is greater than block.timestamp

Therefore, it is impossible for organizers to immediately end their contests.

Impact

No funds are at risk, but the protocol does not function as documented/intended. Organizers are unable to end contests early.

Tools Used

Manual Review

Recommendations

Refactor or remove the relevant revert statement in ProxyFactory.deployProxyAndDistribute() so that organizers can end contests early.

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

194

77 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!