Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: medium

Without deploying the new proxy, the owner can't access the funds in the proxy.

Summary

Without deploying the new proxy address, the owner can't access the funds. In the above case, funds are transferred to the winners only once the new proxy is generated. When there are no winners, the whole of the funds is transferred to the owner: the total percentage is given to the owner address only, so the winner is now the owner. Without deploying the new proxy, how can they receive the funds?

Vulnerability Details

    function distributeByOwner(
        address proxy,
        address organizer,
        bytes32 contestId,
        address implementation,
        bytes calldata data
    ) public onlyOwner {
        if (proxy == address(0)) revert ProxyFactory__ProxyAddressCannotBeZero();
        bytes32 salt = _calculateSalt(organizer, contestId, implementation);
        if (saltToCloseTime[salt] == 0) revert ProxyFactory__ContestIsNotRegistered();
        // distribute only when it exists and expired
        if (saltToCloseTime[salt] + EXPIRATION_TIME > block.timestamp) revert ProxyFactory__ContestIsNotExpired();
        _distribute(proxy, data);
    }

In the above code, the owner can't receive funds without deploying a new proxy.

Impact

The owner can't receive funds.

Tools Used

manual

Recommendations

Create a new proxy address, and only then transfer the funds to the owner.
function distributeByOwner(
address proxy,
address organizer,
bytes32 contestId,
address implementation,
bytes calldata data
) public onlyOwner {
if (proxy == address(0)) revert ProxyFactory__ProxyAddressCannotBeZero();
bytes32 salt = _calculateSalt(organizer, contestId, implementation);
if (saltToCloseTime[salt] == 0) revert ProxyFactory__ContestIsNotRegistered();
// distribute only when it exists and expired
if (saltToCloseTime[salt] + EXPIRATION_TIME > block.timestamp) revert ProxyFactory__ContestIsNotExpired();

     ++address proxy = _deployProxy(msg.sender, contestId, implementation);

    _distribute(proxy, data);
}
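
Review bot: the added line "address proxy = _deployProxy(msg.sender, contestId, implementation);" declares a local named proxy while the signature already takes "address proxy" as a parameter, so the two declarations collide; drop the parameter from the signature or assign to the existing one instead of redeclaring it. The salt two lines earlier is calculated from organizer, but the deploy call passes msg.sender, which under onlyOwner is the owner; if _deployProxy derives the proxy address from its first argument, the deployed proxy will not be the one that salt corresponds to, so pass organizer. Once the proxy value is produced inside the function, the "proxy == address(0)" check at the top no longer guards the address that _distribute receives and should be moved after the deploy call or removed.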
