Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low

Lack of minimum contest duration validation in `setContest`

Summary

The `setContest` function lets the owner set a contest's properties, including its closing time. The function checks that `closeTime` is within a maximum range, but it does not enforce a minimum contest duration. The owner could therefore set extremely short contests, which might not give participants adequate time to participate or could be used maliciously.

Vulnerability Details

In the `setContest` function, the following checks are made for the `closeTime`:

  1. It should not be more than `MAX_CONTEST_PERIOD` from the current timestamp.

  2. It should not be before the current timestamp.

However, there is no check to ensure that the `closeTime` is at least a certain duration from the current timestamp. This means the owner can set a contest that closes almost immediately after it is opened.

Impact

User Experience: Participants might not have enough time to participate in the contest if the duration is too short.
Potential for Manipulation: Malicious owners could exploit this to their advantage, for instance, by announcing a contest and then closing it immediately before anyone has a chance to participate.

Tools Used

Manual code review.

Recommendations

  1. Introduce a `MIN_CONTEST_PERIOD` constant in the contract that defines the minimum duration a contest should last.

  2. Modify the `setContest` function to include a check that ensures the `closeTime` is at least `MIN_CONTEST_PERIOD` from the current timestamp.

  3. Test the updated function to ensure that it correctly enforces the minimum contest duration.
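
The three recommendations above, sketched as an added example that is not the audited contract's code. The contract name `ContestRegistrySketch`, the two-argument `setContest` signature, the `closeTimeOf` mapping, both period values and the use of forge-std for the test are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {Test} from "forge-std/Test.sol";

// Minimal stand-in for the factory (hypothetical, not the audited contract).
contract ContestRegistrySketch {
    error NotOwner();
    error CloseTimeNotInRange();

    // Assumed placeholder durations; the page specifies neither value.
    uint256 public constant MAX_CONTEST_PERIOD = 28 days;
    uint256 public constant MIN_CONTEST_PERIOD = 1 days;

    address public immutable owner;
    mapping(bytes32 => uint256) public closeTimeOf; // hypothetical storage

    constructor() { owner = msg.sender; }

    // Simplified signature (assumption): contest id and close time only.
    function setContest(bytes32 contestId, uint256 closeTime) external {
        if (msg.sender != owner) revert NotOwner();
        // The lower bound moves from "now" to "now + MIN_CONTEST_PERIOD", which
        // also rejects past timestamps; the upper bound is the existing check.
        if (
            closeTime < block.timestamp + MIN_CONTEST_PERIOD ||
            closeTime > block.timestamp + MAX_CONTEST_PERIOD
        ) revert CloseTimeNotInRange();
        closeTimeOf[contestId] = closeTime;
    }
}

contract MinDurationTest is Test {
    ContestRegistrySketch registry;

    // The test contract deploys the registry, so it is the owner.
    function setUp() public { registry = new ContestRegistrySketch(); }

    function test_RevertsBelowMinimum() public {
        uint256 tooSoon = block.timestamp + registry.MIN_CONTEST_PERIOD() - 1;
        vm.expectRevert(ContestRegistrySketch.CloseTimeNotInRange.selector);
        registry.setContest("c1", tooSoon);
    }

    function test_AcceptsBothBounds() public {
        uint256 atMin = block.timestamp + registry.MIN_CONTEST_PERIOD();
        registry.setContest("c1", atMin);
        registry.setContest("c2", block.timestamp + registry.MAX_CONTEST_PERIOD());
        assertEq(registry.closeTimeOf("c1"), atMin);
    }
}
```

The boundary cases are the ones worth pinning down: one second short of the minimum must revert, while exactly the minimum and exactly the maximum must both be accepted.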
