Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low

Certain conditions should utilize the 'greater than or equal to' (>=) operator rather than the 'greater than' (>) operator.

Summary

Several checks use the ">" operator instead of ">=", so the condition does not revert at the boundary timestamp, when the expiration time is not yet reached.

Vulnerability Details

When setContest executes, closeTime can be set to MAX_CONTEST_PERIOD, meaning the entire expiration time is used. Consequently, when a proxy is deployed, the following check must hold:

if (saltToCloseTime[salt] > block.timestamp) revert ProxyFactory__ContestIsNotClosed();

However, if saltToCloseTime[salt] equals block.timestamp, this function will not revert even though the contest is not yet finished.
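
The boundary case described above, as an added example that is not code from the audited contract: a minimal model holding the quoted guard and the inclusive variant side by side, so both can be probed at the same timestamp. BoundaryModel, guardStrict, guardInclusive and probe are hypothetical names, and the salt is a constructed sample value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration: a minimal model of the close-time guard.
// This is NOT the audited ProxyFactory; all names except the mapping
// and the error quoted in the finding are hypothetical.
contract BoundaryModel {
    error ProxyFactory__ContestIsNotClosed();

    mapping(bytes32 => uint256) public saltToCloseTime;

    // Guard as quoted in the finding: reverts only while
    // closeTime is strictly greater than block.timestamp.
    function guardStrict(bytes32 salt) public view {
        if (saltToCloseTime[salt] > block.timestamp) revert ProxyFactory__ContestIsNotClosed();
    }

    // Guard as recommended: also reverts when
    // closeTime is equal to block.timestamp.
    function guardInclusive(bytes32 salt) public view {
        if (saltToCloseTime[salt] >= block.timestamp) revert ProxyFactory__ContestIsNotClosed();
    }

    // Sets the close time to block.timestamp + offset (offset may be negative)
    // and reports which guard lets the call through.
    // An offset of 0 is the boundary case where the two guards disagree.
    function probe(int256 offset)
        external
        returns (bool strictPasses, bool inclusivePasses)
    {
        bytes32 salt = keccak256("constructed-sample-salt"); // constructed sample value
        saltToCloseTime[salt] = uint256(int256(block.timestamp) + offset);

        // External self-calls so a revert can be caught instead of bubbling up.
        try this.guardStrict(salt) { strictPasses = true; } catch {}
        try this.guardInclusive(salt) { inclusivePasses = true; } catch {}
    }
}
```

Calling probe with offsets on either side of zero shows that the two guards agree everywhere except at the exact close time.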

Impact

The proxy can be deployed and distributed while the MAX_CONTEST_PERIOD is still ongoing.

Tools Used

Manual code review.

Recommendations

We recommend the following modification to your smart contract code:

- if (saltToCloseTime[salt] > block.timestamp) revert ProxyFactory__ContestIsNotClosed();
+ if (saltToCloseTime[salt] >= block.timestamp) revert ProxyFactory__ContestIsNotClosed();
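
Review bot: the `+` line changes only this one comparison, while the surrounding text says the same change applies to four checks. List each of the other three conditions explicitly so none is missed, and add a test that sets block.timestamp equal to saltToCloseTime[salt] and expects ProxyFactory__ContestIsNotClosed, so the boundary behavior is pinned down.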

This change is suggested for the four issues mentioned in the audit report.
