Sparkn

CodeFox Inc.

DeFiFoundryProxy

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Immutable `Organizer` for a contest

tripathi

Summary

Whenever Sparkn get new problem/project to solve, creates a contest with a organizer, contestId, closingTime and implementation. Here organizer's job is to monitor participant offchain work and allocate percentage reward on the basis of their work and participation in contest.
Cases where Organizer is not able to perform operation or careless [in the talk with Sparkn team we found that organizer is trusted so he won't rekt the contest by messing percentage but he can be careless and doesn't do work as intended ], admin don't have choice on changing organizer role.

Vulnerability Details

Organizer is EOA which have some reputation and due to that he gets the moderator role for a contest and perform necessary operation offchain to allocate proper percentage to participants.
in the case of careless organizer protocol won't able to change organizer. Only option that is available to create new contest with different organizer but in that case prefunds by sponsor will remain in previous contest.

FLOW

Sparkn Admin got a project from Japan government and creates a contest with organizer A with a unique contest ID and a proper closing time.
As salt includes organizer A address so sponsors will send funds to proxyAddress which includes organizer A address. As Organizer A becomes careless so now admin don't have any option to change organizer for given contest other than experience next described impact on the project

Impact

Participation will be affected after seeing careless organizer and that will affect overall contest
There is one week time for distributing reward and as organizer is not performing as indented so admin will have to distribute reward
a) Admin don't have much idea of real on field work since he
was dependent on organizer. It can result in unfair
reward calculation and less participation from next
contest.
b) Participants will get their prizes late than the active
organizer
Sponsor who provide funds for perfect work completion/contest and a fair reward to participant but careless organizer's will affect Sponsor participation as well as trust on Sparkn.

Tools Used

Manual

Recommendations

salt should not be based on the organizer address
Implement an updateOrganizer which can be only called by admin (sparkn)

The whole idea to make muatable organizer for a contest that will motivate current orgainzer work properly and earn sponsors trust.

This give more control to admin over contest. Sponsors will be also happy as they will be less dependent on `Organizer'.

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

194

77 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!