This report outlines a medium-level vulnerability in the reward distribution protocol used in our contest system.
Considering the situation where there is only a single participant in the contest then we will be rewarding the entire amount (95% of the total amount). So, this is not good when there is only a single person and they will be getting all the awards irrespective of the work they did in the contest, even for a very small effort they will be getting all the rewards.
The vulnerability arises from the design of the reward distribution protocol. If the contest has only a single participant, they would receive the entire reward pool, which might not align with the intended fairness and competitive nature of the contest. This scenario could occur due to low participation, leading to dissatisfaction and reduced motivation for both the single participant and potential future participants.
Also, suppose a case if not even a single participant showed interest in the contest then how we will get out the funds provided by sponsors. There is a way to get the funds out by only filling the sponsors address in winners list but that is totally irrelevant for the good will of the Sparkn protocol, even if we did this then we need to provide 5% of the amount as commission to the Stadium. So, for nothing done we are being charged.
In cases where the contest sees limited participation and only one participant competes, the contest's reputation could be tarnished. The single participant may feel unchallenged and undeserving of the entire reward.
No specific tools used
Reward the participant the amount that they deserve, and we can donate the remaining amount to charity organizations or distributing the remaining amount to their respective sponsor.
Also design a specific function which will allow to get the sponsors funding from the Proxy contract when there was no participant or winner of the contest, and to only put a minimalistic charge by the stadium on the contest organizer instead of taking 5% of the total sponsored amount.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.