Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: high
Valid

`ProxyFactory::distributeByOwner` does not actually validate that the proxy it calls `distribute` on has expired

Summary

The proxy contract that `distributeByOwner` actually calls is never validated for expiration.

Vulnerability Details

In the current implementation of `ProxyFactory::distributeByOwner`, the expiration check is performed on the salt generated from the `organizer`, `contestId` and `implementation` function parameters. However, the proxy address is a separate parameter that is never tied to that salt, so the check is pointless.

Impact

ProxyFactory::distributeByOwner can be called with any proxy address parameter, even if the proxy hasn't expired yet.
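The mismatch can be reproduced in a small model. This is an added Python example, not code from the Sparkn repository: it mirrors the salt-keyed expiry check shown on this page and compares the caller-supplied `proxy` variant with the derived-address variant the Recommendations section proposes. The hash function, the `EXPIRATION_TIME` value and all names such as `FactoryModel` and `org-A` are assumptions made for illustration.

```python
import hashlib

EXPIRATION_TIME = 7 * 24 * 3600  # assumed; the page does not give the value

def _h(*parts):  # stand-in hash, NOT keccak256 or the real CREATE2 derivation
    return hashlib.sha256("|".join(parts).encode()).hexdigest()

class FactoryModel:
    """Toy model of the salt-keyed expiry check; not the Sparkn contract."""
    def __init__(self):
        self.salt_to_close_time = {}
        self.distributed = []  # proxies that _distribute was invoked on

    def proxy_address(self, salt, implementation):
        return "0x" + _h(salt, implementation)[:40]

    def register(self, organizer, contest_id, implementation, close_time):
        salt = _h(organizer, contest_id, implementation)
        self.salt_to_close_time[salt] = close_time
        return self.proxy_address(salt, implementation)

    def _expired_salt(self, organizer, contest_id, implementation, now):
        salt = _h(organizer, contest_id, implementation)
        close = self.salt_to_close_time.get(salt, 0)
        if close == 0:
            raise ValueError("ContestIsNotRegistered")
        if close + EXPIRATION_TIME > now:
            raise ValueError("ContestIsNotExpired")
        return salt

    def distribute_before(self, proxy, organizer, contest_id, implementation, now):
        self._expired_salt(organizer, contest_id, implementation, now)
        self.distributed.append(proxy)  # proxy is never compared with the salt
        return proxy

    def distribute_after(self, organizer, contest_id, implementation, now):
        salt = self._expired_salt(organizer, contest_id, implementation, now)
        proxy = self.proxy_address(salt, implementation)  # bound to checked salt
        self.distributed.append(proxy)
        return proxy

def demo(now=1_000_000_000):
    f = FactoryModel()  # constructed sample contests: one expired, one still live
    old = f.register("org-A", "contest-1", "impl", now - EXPIRATION_TIME - 1)
    live = f.register("org-B", "contest-2", "impl", now + 3600)
    before = f.distribute_before(live, "org-A", "contest-1", "impl", now)
    after = f.distribute_after("org-A", "contest-1", "impl", now)
    return before == live, after == old
```

In the model, the "before" variant distributes on the live contest's proxy because only the expired contest's salt is checked, while the "after" variant can only ever reach the proxy that belongs to the checked salt.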

Tools Used

Manual review

Recommendations

To address this issue, you should derive the proxy address from the validated salt + the implementation parameter:

function distributeByOwner(
- address proxy,
address organizer,
bytes32 contestId,
address implementation,
bytes calldata data
) public onlyOwner {
- if (proxy == address(0)) revert ProxyFactory__ProxyAddressCannotBeZero();
bytes32 salt = _calculateSalt(organizer, contestId, implementation);
if (saltToCloseTime[salt] == 0) revert ProxyFactory__ContestIsNotRegistered();
// distribute only when it exists and expired
if (saltToCloseTime[salt] + EXPIRATION_TIME > block.timestamp) revert ProxyFactory__ContestIsNotExpired();
- _distribute(proxy, data);
+ _distribute(getProxyAddress(salt, implementation), data);
}
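Review bot: the added `_distribute(getProxyAddress(salt, implementation), data);` line forwards to a derived address, and nothing in the visible checks confirms that a proxy was actually deployed there; `saltToCloseTime[salt]` only shows that the contest was registered. Consider reverting when the derived address has no code before calling `_distribute`. Removing the `proxy` parameter also changes the function's signature, so the function's documentation and every caller and test of `distributeByOwner` need updating in the same change.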
