Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: medium

Lack of Input Validation in setContest() Function

Summary

The setContest() function lacks proper input validation for its parameters, potentially exposing the contract to vulnerabilities.

Vulnerability Details

1. Invalid Address: Without proper validation, setContest() could accept invalid addresses for the organizer and implementation parameters. This might allow attackers to create contests with unauthorized or non-existent organizers, or to use malicious implementations.

2. ContestID Manipulation: The absence of checks on the contestId parameter could allow attackers to set contest IDs in unexpected formats, potentially causing conflicts or misrepresentation of contests.

Impact

Invalid contest IDs could result in data corruption or misinterpretation, leading to incorrect contest outcomes and rewards.
Attackers could exploit the lack of address validation to create contests with unauthorized participants or malicious implementations, compromising the integrity of the contests.

Tools Used

VS Code

Recommendations

Implement robust input validation checks for the setContest function to prevent potential exploits. By adding proper validation, the contract can be safeguarded against potential misuse and vulnerabilities.
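
One way to express the checks this recommendation describes, as an added example that is not the audited project's code. The contract name, the `bytes32` type for `contestId`, the storage layout, the custom errors and the owner check are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Illustrative sketch: every name below except setContest, organizer,
// contestId and implementation is hypothetical.
contract ContestRegistrySketch {
    error NotOwner();
    error ZeroAddress();
    error ImplementationHasNoCode();
    error EmptyContestId();
    error ContestAlreadyRegistered();

    address public immutable owner;
    // key = hash of (organizer, contestId, implementation) => already registered
    mapping(bytes32 => bool) public registered;

    event ContestSet(address indexed organizer, bytes32 indexed contestId, address indexed implementation);

    constructor() {
        owner = msg.sender;
    }

    function setContest(address organizer, bytes32 contestId, address implementation) external {
        // Assumed access control: only the deployer may register contests.
        if (msg.sender != owner) revert NotOwner();

        // Address validation: reject the zero address for either parameter.
        if (organizer == address(0) || implementation == address(0)) revert ZeroAddress();
        // An address with no deployed code cannot act as an implementation.
        if (implementation.code.length == 0) revert ImplementationHasNoCode();

        // contestId validation: reject the empty id and duplicate registrations,
        // so two contests can never collide on the same key.
        if (contestId == bytes32(0)) revert EmptyContestId();
        bytes32 key = keccak256(abi.encode(organizer, contestId, implementation));
        if (registered[key]) revert ContestAlreadyRegistered();

        registered[key] = true;
        emit ContestSet(organizer, contestId, implementation);
    }
}
```

The code-length check only proves that something is deployed at `implementation`, not that it is the intended logic contract; an allowlist of approved implementations would be the stricter form of the same check.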
