Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low
Valid

Insufficient Funds in Contests May Result in Unpaid Supporters

Summary

Contests are set up with the possibility that there might not be enough funds or no sponsors at all. Supporters might join without knowledge of the sponsored amount and perform services. However, there might not be any compensation for their services.

Vulnerability Details

When a contest is set up, sponsors are supposed to fund the project while supporters are performing the services. Supporters might do the services thinking that funds are on the way, but they might not get paid enough for their services.

POC: Unpaid Supporters due to Insufficient Funds

Setup:

  • Owner initiates a new Contest.

  • Sponsors may or may not fund it.

  • Supporters, believing the contest is funded or will get funded, begin resolving challenges.

  • The contest isn't fully funded, or isn't funded at all, so the organizer decides not to deploy the proxy.

  • The expiration period passes without the proxy being deployed. The owner calls the deployProxyAndDistributeByOwner function.

  • Problem: The challenges are getting resolved. But the supporters are not getting paid or paid enough for their services.

Impact

  • Loss for the supporters: their services are not compensated enough.

  • This can lead to a lack of trust in the protocol, discouraging supporters from participating in future contests.

Tools Used

Manual Review

Recommendations

Ensure that a minimum funding threshold is met before allowing supporters to proceed with their submissions. That way they are sure that at least they will be compensated with a minimal funding amount.
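One way to express this recommendation on-chain, as an added example that is not part of the original submission or the Sparkn code base. The `FundingGate` contract, its function names, and the assumption that sponsors fund a per-contest escrow address known in advance are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Hypothetical illustration of a minimum-funding gate; not Sparkn's contract.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

contract FundingGate {
    struct Contest {
        IERC20 token;       // reward token sponsors pay in
        address escrow;     // address sponsors fund (assumed fixed at registration)
        uint256 minFunding; // threshold in the token's base units
        uint256 closeTime;  // submissions end at this timestamp
    }

    address public immutable owner;
    mapping(bytes32 => Contest) public contests;

    error NotOwner();
    error ContestExists();
    error InvalidContest();

    event ContestRegistered(bytes32 indexed id, address escrow, uint256 minFunding);

    constructor() {
        owner = msg.sender;
    }

    // The owner publishes the threshold together with the contest itself.
    function registerContest(bytes32 id, IERC20 token, address escrow, uint256 minFunding, uint256 closeTime) external {
        if (msg.sender != owner) revert NotOwner();
        if (contests[id].escrow != address(0)) revert ContestExists();
        if (address(token) == address(0) || escrow == address(0)) revert InvalidContest();
        if (minFunding == 0 || closeTime <= block.timestamp) revert InvalidContest();
        contests[id] = Contest(token, escrow, minFunding, closeTime);
        emit ContestRegistered(id, escrow, minFunding);
    }

    // Supporters and front ends call this before any work starts.
    function isOpenForSubmissions(bytes32 id) external view returns (bool) {
        Contest memory c = contests[id];
        if (c.escrow == address(0) || block.timestamp >= c.closeTime) return false;
        // Point-in-time balance read: open only while the threshold is met.
        return c.token.balanceOf(c.escrow) >= c.minFunding;
    }
}
```

The balance read guarantees the minimum only if nothing can move funds out of the escrow address before the contest closes, so the gate has to be paired with an escrow that has no early withdrawal path.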
