Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: high

Organizer's Access Limitation in `setContest` function

Summary

The current implementation of the setContest function restricts the creation of contests to the owner, whereas the documentation suggests that organizers should have the ability to create contests.

Vulnerability Details

In `ProxyFactory.sol`, access to the `setContest` function is limited to the owner. This is contrary to the documented functionality, where organizers are expected to create contests. The function carries the `onlyOwner` modifier, which prevents organizers from setting contest properties.

According to the documentation:

There are mainly 3 roles in the protocol.

Organizer: The person who creates the contest and he is responsible for distributing the prizes to the winners. We also sometimes call this role "innovator".

Sponsor: the person who is willing to fund the contest. Sponsor can be anyone, including the organizer.

Supporter: the person who is willing to help solve the problem. Winners are selected from the supporters.

Owner: The administrator of the protocol.

Impact

The impact of this issue is that it limits the protocol's intended flexibility. Organizers, who are supposed to have the capability to create contests, are currently unable to do so. This misalignment between the code and the documentation can lead to confusion and hinder the expected usage of the protocol.

Tools Used

Manual Review

Recommendations

Align the code with the documented functionality so that organizers can create contests.
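
One way such a change could look, as an added sketch that is not the Sparkn `ProxyFactory.sol` source: the contract name, the `setContest` parameters and the organizer allowlist are assumptions made for illustration. It places the owner-only behaviour described above beside an organizer-gated variant in which the owner still decides who counts as an organizer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration; simplified, not the Sparkn ProxyFactory source.
// The setContest parameters and the organizer allowlist are assumptions.
contract ContestRegistrySketch {
    address public immutable owner;
    mapping(address => bool) public isOrganizer;          // hypothetical allowlist
    mapping(bytes32 => address) public contestOrganizer;  // contestId => organizer

    error NotOwner();
    error NotOrganizer();
    error ContestAlreadySet();

    event ContestSet(bytes32 indexed contestId, address indexed organizer);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    modifier onlyOrganizer() {
        if (!isOrganizer[msg.sender]) revert NotOrganizer();
        _;
    }

    constructor() { owner = msg.sender; }

    // The owner keeps control over who may act as an organizer.
    function setOrganizer(address organizer, bool allowed) external onlyOwner {
        isOrganizer[organizer] = allowed;
    }

    // Behaviour the submission describes: only the owner can register a contest.
    function setContestOwnerOnly(bytes32 contestId, address organizer) external onlyOwner {
        _register(contestId, organizer);
    }

    // Variant matching the quoted documentation: the caller is the organizer.
    function setContest(bytes32 contestId) external onlyOrganizer {
        _register(contestId, msg.sender);
    }

    // Rejects re-registration so an existing contest cannot be taken over.
    function _register(bytes32 contestId, address organizer) private {
        if (contestOrganizer[contestId] != address(0)) revert ContestAlreadySet();
        contestOrganizer[contestId] = organizer;
        emit ContestSet(contestId, organizer);
    }
}
```

Dropping the allowlist entirely would let any address register contest ids, so the sketch keeps an owner-managed gate rather than removing access control.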
