Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low
Valid

DoS attack on setContest by a miner

Summary

The setContest function can be front-run and denied service through block.timestamp manipulation by miners.

Vulnerability Details

Although the incentive for miners is small, there may be cases in the future where a miner prevents execution of the setContest method for its own benefit.

The function uses block.timestamp, which miners can manipulate by setting it to a very low or a very high value. Either case makes the following condition true and triggers the revert.

```solidity
// ProxyFactory#setContest (excerpt)
if (closeTime > block.timestamp + MAX_CONTEST_PERIOD || closeTime < block.timestamp) {
    revert ProxyFactory__CloseTimeNotInRange();
}
```

Impact

  • The owner will be unable to set the details of any contest, causing a denial of service for the platform.

Tools Used

Manual review

Recommendations

Keep in mind that block.timestamp can be manipulated and craft the closeTime condition accordingly.

One approach is to cache the block.timestamp of the last successful deployment and compare it with the current one when validating closeTime:

  • If the cached value is greater than the current block.timestamp, the timestamp has certainly been manipulated (it moved backwards), and the contest creation is simply allowed.
  • For the case where block.timestamp is manipulated to a much higher value (months ahead, for example), set a threshold such as 5 days, or even 10 (choose the value from the expected usage, or add a setter so the owner can adjust it later according to usage history); if the current block.timestamp is further ahead of the cached value than that threshold, allow the contest creation as well.
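The cached-timestamp idea above, written out as an added illustration that is not the Sparkn ProxyFactory code: the window is measured against a reference timestamp that falls back to the last accepted value when block.timestamp moves backwards or jumps further ahead than a configurable drift. MAX_CONTEST_PERIOD, maxTimestampDrift, the setter and the contract name are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added example, not the project's code: closeTime validation with a cached
// reference timestamp, following the recommendation above.
contract ContestWindowExample {
    error ProxyFactory__CloseTimeNotInRange();

    uint256 public constant MAX_CONTEST_PERIOD = 28 days; // assumed value
    uint256 public maxTimestampDrift = 5 days;            // threshold from the text
    uint256 public lastAcceptedTimestamp;                 // cached on each successful call
    address public immutable owner;

    constructor() {
        owner = msg.sender;
    }

    // Assumed setter so the threshold can be tuned from usage history later.
    function setMaxTimestampDrift(uint256 newDrift) external {
        require(msg.sender == owner, "not owner");
        maxTimestampDrift = newDrift;
    }

    // Timestamp the window is measured against. If block.timestamp moved
    // backwards relative to the cached value, or jumped further forward than
    // maxTimestampDrift, use the cached value instead of reverting outright.
    function referenceTimestamp() public view returns (uint256) {
        uint256 last = lastAcceptedTimestamp;
        if (last == 0) return block.timestamp; // first call: nothing cached yet
        if (block.timestamp < last || block.timestamp > last + maxTimestampDrift) {
            return last;
        }
        return block.timestamp;
    }

    function setContest(uint256 closeTime) external {
        require(msg.sender == owner, "not owner");
        uint256 reference = referenceTimestamp();
        if (closeTime > reference + MAX_CONTEST_PERIOD || closeTime < reference) {
            revert ProxyFactory__CloseTimeNotInRange();
        }
        // Only advance the cache with a value that passed the drift check, so a
        // manipulated timestamp never becomes the next reference.
        lastAcceptedTimestamp = reference;
        // ... contest bookkeeping omitted in this illustration ...
    }
}
```

When the fallback fires, the window is anchored at the cached value rather than the present, so after a long gap of genuine inactivity closeTime values between that cached value and now would pass the check. Set maxTimestampDrift above the longest gap expected between legitimate deployments so the fallback only engages on real drift.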
