Potential for a single entity to influence results
Summary
The platform might allow a single entity to create multiple accounts and influence results.
Vulnerability Details
POC: Influencing Outcomes with Multiple Accounts
Setup:
-
Owner sets up a new Contest
-
Sponsors fund the contest
-
A single entity/supporter creates multiple accounts and submits slightly varied solutions.
-
The owner calls the
deployProxyAndDistributeByOwneror the organizer calls thedeployProxyAndDistributefunction by choosing the winners. The winners list ends up contaning a lot of that entity addresses. -
Problem: This entity ends up dominating the winners' list, gathering a significant portion of the rewards.
Impact
Genuine participants are left with fewer rewards.
The platform's reputation is compromised due to lack of fairness.
Tools Used
Manual review
Recommendations
Implement mechanisms like one account per ID or device, or KYC procedures to ensure one individual doesn't operate multiple accounts.
Introduce patterns or heuristics to detect and flag suspicious accounts.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.