Sparkn

CodeFox Inc.
DeFi, Foundry, Proxy
15,000 USDC
Submission Details
Severity: high

Organizers and sponsors will lose their money if no one participates in their contest.

Summary

Organizers and sponsors will lose their money if no one ends up participating in their contest because there is no way to get a refund according to the README.md.

Vulnerability Details

Consider the following scenario:

  • The ProxyFactory.sol owner sets a contest for Alice (organizer and sponsor):

    • Alice wants her crypto project audited.

  • Alice proceeds to pre-calculate the proxy address using the getProxyAddress() function in ProxyFactory.sol.

  • Alice sends 10000 DAI to the proxy address; this will be the prize pool.

  • The contest has ended and unfortunately no one participated in her contest.

According to the README.md:
"If a contest is created and funded, there is no way to refund."

This is a huge design flaw. In practice there will be problems that won't be solved. Organizers and sponsors are disincentivized to participate in the SPARKN ecosystem because they are at risk of losing their funds when no one participates in their contests.

Impact

High

Tools Used

Manual Review

Recommendations

Consider allowing refunds in cases where there are no participants.
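
One way the recommended refund path could look, as an added sketch that is not SPARKN code and not part of the original submission. The contract name, its functions, the single-sponsor model and the owner-set participation flag are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Hypothetical escrow: every name here is an assumption, not a SPARKN identifier.
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

contract RefundableContestEscrow {
    address public immutable owner;       // plays the role of the factory owner
    address public immutable sponsor;     // funded the prize pool (Alice in the scenario)
    IERC20Minimal public immutable token; // assumed to return bool on transfer, as DAI does
    uint256 public immutable closeTime;   // contest end, unix seconds
    bool public hasParticipants;          // set once any entry is accepted
    bool public settled;                  // true after the pool has been refunded

    error NotAuthorized();
    error ContestClosed();
    error ContestStillOpen();
    error ParticipantsExist();
    error AlreadySettled();
    error TransferFailed();

    constructor(address _sponsor, IERC20Minimal _token, uint256 _closeTime) {
        owner = msg.sender;
        sponsor = _sponsor;
        token = _token;
        closeTime = _closeTime;
    }

    // Owner records that at least one participant exists; only while the contest is open,
    // so the flag cannot be flipped after the sponsor becomes eligible for a refund.
    function markParticipation() external {
        if (msg.sender != owner) revert NotAuthorized();
        if (block.timestamp > closeTime) revert ContestClosed();
        hasParticipants = true;
    }

    // Sponsor reclaims the whole pool only after the contest ended with no participants.
    function refundSponsor() external {
        if (msg.sender != sponsor) revert NotAuthorized();
        if (block.timestamp <= closeTime) revert ContestStillOpen();
        if (hasParticipants) revert ParticipantsExist();
        if (settled) revert AlreadySettled();
        settled = true; // update state before the external call
        uint256 amount = token.balanceOf(address(this));
        if (!token.transfer(sponsor, amount)) revert TransferFailed();
    }
}
```

The sketch trusts the owner to set the participation flag honestly and on time; a design with several sponsors would need per-sponsor accounting instead of refunding the full balance to one address.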
