Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low
Valid

[H] Attacker can call deployProxyAndDistributeBySignature, causing a replay attack due to incorrect EIP-712 logic

Summary

According to the docs:

"The owner can deploy proxy and distribute prizes to winners if organizer did not call the function in time."

The function that implements this, deployProxyAndDistributeBySignature, relies on a message signed by the organizer to authorise the deployment and distribution. The signature check does not bind every parameter the call acts on and does not prevent a signature from being used more than once, so this expectation does not hold.

Vulnerability Details

deployProxyAndDistributeBySignature authenticates the call by recovering the signer with ECDSA.recover(digest, signature) and comparing the result to the supplied organizer address.

The digest, however, is computed only from contestId and data. The other parameters the function acts on, organizer and implementation, are not part of the signed message, and the contract keeps no record of which signatures it has already honoured.

ECDSA.recover only confirms that the signature is a valid signature over the digest it is given; it says nothing about whether that digest covers everything the call does. For an EIP-712 signature to be safe to accept, the struct hash must include every parameter that determines the effect of the call, and the contract must refuse a digest it has already acted on (for example by consuming a nonce).

Impact

Because the signed digest covers only contestId and data, an attacker who observes a pending transaction carrying the organizer's valid signature can front-run it with a higher gas price and submit the same signature with the unsigned parameters changed; the signature check still passes. The attacker thereby impersonates the organizer and can misdirect the prize distribution.

Nothing records that a signature has been consumed, so an attacker could also resubmit the same valid signature after it has been used, replaying the action and disrupting the distribution of prizes.

Tools Used

Manual Review

Recommendations

Mitigation:

Hash every parameter the call acts on into the EIP-712 struct hash (organizer, contestId, implementation and data), and add a per-organizer nonce or a used-digest marker so that each signature is honoured exactly once. The signature itself must not be part of the hashed message: the organizer computes the signature over the digest, so a digest that contains the signature is circular and cannot be produced. Since data is a dynamic bytes value, EIP-712 requires it to enter the struct hash as keccak256(data). DISTRIBUTE_TYPEHASH and nonce below are illustrative names for the type hash of the signed struct and the organizer's current nonce.

// Calculate the proper digest by binding all relevant parameters and a nonce
bytes32 digest = _hashTypedDataV4(
    keccak256(abi.encode(DISTRIBUTE_TYPEHASH, organizer, contestId, implementation, keccak256(data), nonce))
);
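The following contract is an added illustration and is not the Sparkn ProxyFactory source. It reduces the issue described in the Vulnerability Details and Recommendations to the signature check alone: distributeBySignatureWeak reconstructs the shape the finding describes (a digest over contestId and data only), and distributeBySignature shows the hardened form with a full EIP-712 struct hash and a per-organizer nonce consumed before any effect. The contract name, the Distribute struct, the nonces mapping and the Distributed event are assumptions chosen for the example; proxy deployment and prize distribution are replaced by an event so the example compiles stand-alone with OpenZeppelin's EIP712 and ECDSA libraries.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

/// Hypothetical example contract (not the project's code) contrasting a
/// weakly bound signature check with a fully bound, replay-protected one.
contract SignedDistributionExample is EIP712 {
    error InvalidSignature();

    // EIP-712 type hash for the signed struct (assumed name and field list).
    // `data` is dynamic, so the struct hash carries keccak256(data), per EIP-712.
    bytes32 private constant DISTRIBUTE_TYPEHASH = keccak256(
        "Distribute(address organizer,bytes32 contestId,address implementation,bytes data,uint256 nonce)"
    );

    // Per-organizer nonce: every signature is valid for exactly one call.
    mapping(address => uint256) public nonces;

    // Stands in for proxy deployment and prize distribution in this example.
    event Distributed(address indexed organizer, bytes32 indexed contestId, address implementation, bytes data);

    constructor() EIP712("SignedDistributionExample", "1") {}

    /// WEAK shape, as described in the finding: the digest binds only contestId
    /// and data. `implementation` is not signed, so a front-runner can swap it,
    /// and nothing records that the signature has been consumed, so the same
    /// signature passes this check again on a later call.
    function distributeBySignatureWeak(
        address organizer,
        bytes32 contestId,
        address implementation,
        bytes calldata signature,
        bytes calldata data
    ) external {
        bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(contestId, data)));
        if (ECDSA.recover(digest, signature) != organizer) revert InvalidSignature();
        emit Distributed(organizer, contestId, implementation, data);
    }

    /// HARDENED shape: the struct hash covers every parameter the call acts on,
    /// and the organizer's nonce is part of the signed message and is consumed
    /// before any effect. Changing any parameter, or resubmitting the same
    /// signature after use, yields a digest the organizer never signed.
    function distributeBySignature(
        address organizer,
        bytes32 contestId,
        address implementation,
        bytes calldata signature,
        bytes calldata data
    ) external {
        uint256 nonce = nonces[organizer];
        bytes32 structHash = keccak256(
            abi.encode(DISTRIBUTE_TYPEHASH, organizer, contestId, implementation, keccak256(data), nonce)
        );
        bytes32 digest = _hashTypedDataV4(structHash);
        if (ECDSA.recover(digest, signature) != organizer) revert InvalidSignature();
        nonces[organizer] = nonce + 1; // consume the nonce before any external effect
        emit Distributed(organizer, contestId, implementation, data);
    }
}
```

To exercise it, deploy the contract with Foundry or Hardhat, have the organizer sign the Distribute struct (with the current value of nonces[organizer]) over this contract's EIP-712 domain, then submit the signature twice: the weak function accepts both calls and also accepts the first call with a different implementation, while the hardened function accepts only the first call with exactly the signed parameters. A front-runner can still land the hardened call first, but only with the organizer's own parameters, so the outcome is the one the organizer authorised.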
