data passed for the distribution of prices to winners is not validated, Under various function in ProxyContract.
data used in deployProxyAndDistribute.ProxyContract , deployProxyAndDistributeBySignature.ProxyContract , deployProxyAndDistributeByOwner.ProxyContract , distributeByOwner.ProxyContract , _distribute.ProxyContract get no validation before passing through internal function _distribute, if suppose their are no data currently present for any prize distribution to various ongoing contest , organizer will call one of the above mentioned function and passed any empty data list to distribute prizes to winner which can cause all the prizes to get lost due to unchecked data length and as a result no prizes will get distributed to winners i.e; contest proceed with empty data.
https://github.com/Cyfrin/2023-08-sparkn/blob/main/src/ProxyFactory.sol#L136
https://github.com/Cyfrin/2023-08-sparkn/blob/main/src/ProxyFactory.sol#L165
https://github.com/Cyfrin/2023-08-sparkn/blob/main/src/ProxyFactory.sol#L191
https://github.com/Cyfrin/2023-08-sparkn/blob/main/src/ProxyFactory.sol#L217
It is recommended to ensure data.length > 0
, either function individually can check for data length or data get checked in internal _distribute function since function calls everytime _distribute for prize distribution
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.