Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: high

Prizes can be lost.

Summary

Data passed for the distribution of prizes to winners is not validated in several functions in ProxyContract.

Vulnerability Details

The data used in deployProxyAndDistribute.ProxyContract, deployProxyAndDistributeBySignature.ProxyContract, deployProxyAndDistributeByOwner.ProxyContract, distributeByOwner.ProxyContract and _distribute.ProxyContract gets no validation before it is passed to the internal function _distribute. Suppose there is currently no data present for a prize distribution in one of the ongoing contests: the organizer will call one of the functions above and pass an empty data list to distribute prizes to the winners. Because the data length is unchecked, the contest proceeds with empty data, no prizes are distributed to the winners, and all the prizes can be lost.

_distribute(proxy, data);

https://github.com/Cyfrin/2023-08-sparkn/blob/main/src/ProxyFactory.sol#L136
https://github.com/Cyfrin/2023-08-sparkn/blob/main/src/ProxyFactory.sol#L165
https://github.com/Cyfrin/2023-08-sparkn/blob/main/src/ProxyFactory.sol#L191
https://github.com/Cyfrin/2023-08-sparkn/blob/main/src/ProxyFactory.sol#L217

Tools Used

Recommendations

It is recommended to ensure data.length > 0. Either each function can check the data length individually, or the data can be checked in the internal _distribute function, since every one of these functions calls _distribute for prize distribution.
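A sketch of the second option, with the length check placed once in the internal function so every entry point inherits it. This is an added example, not the Sparkn source: the contract, error and event names are hypothetical, and the 4-byte selector check is an assumption that goes beyond the data.length > 0 check recommended above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Added illustration only; not the Sparkn ProxyFactory source.
/// Contract, error and event names are hypothetical.
contract DistributeGuardExample {
    error EmptyDistributionData();
    error DistributionDataTooShort(uint256 length);
    error DistributionCallFailed();

    event Distributed(address indexed proxy, bytes data);

    /// Stand-in for one of the public entry points that forward to
    /// _distribute. Access control is omitted in this sketch.
    function distribute(address proxy, bytes calldata data) external {
        _distribute(proxy, data);
    }

    /// Single choke point: a check placed here covers every caller.
    function _distribute(address proxy, bytes calldata data) internal {
        // The check recommended in the finding: data.length > 0.
        if (data.length == 0) revert EmptyDistributionData();

        // Assumption beyond the finding: calldata that targets a function
        // must begin with a 4-byte selector, so anything shorter cannot
        // encode a distribution call either.
        if (data.length < 4) revert DistributionDataTooShort(data.length);

        // Forward the validated calldata and surface a failed call
        // instead of continuing silently.
        (bool success, ) = proxy.call(data);
        if (!success) revert DistributionCallFailed();

        emit Distributed(proxy, data);
    }
}
```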
