Sparkn

CodeFox Inc.

DeFiFoundryProxy

15,000 USDC

View results

Previous Next

Submission Details

Severity: high

Nobody can't get ProxyAddress

b353n

Summary

Sponsors can't get Proxy Address before proxy is deployed and proxy can't be deployed because if organizer try to deploy he need to use function deployProxyAndDistribute which will try to distribute prizes and this will revert because:

// if there is no token to distribute, then revert

if (totalAmount == 0) revert Distributor__NoTokenToDistribute();

in Distributor.sol on function _distribute have check and if there no have tokens function will revert. So the organizator can't deploy the proxy and sponsors can't get proxy address because function _calculateSalt is internal.

Vulnerability Details

Sponsors can't predict proxy address where need to send funds because can't calculate salt with _calculateSalt which is internal.

Impact

Sponsors can't send funds to contest proxy and if organizator try to deploy it will always revert since there no have tokens for prizes.

Tools Used

Manual Review

Recommendations

To mitingate this issue make function _calculateSalt in ProxyFactory.sol public or external

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

194

77 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!