The ProxyFactory contract exposes two functions relevant to this finding: setContest() and deployProxyAndDistribute().
setContest() records the properties of a contest, including its closeTime.
deployProxyAndDistribute() deploys a proxy contract for a specific contest (the proxy's salt is derived from the unique combination of contest organizer, contest ID and implementation address) and, once the proxy is deployed, distributes the prizes according to the supplied distribution data.
setContest() allows the contest organizer to set the closeTime of a contest, and the only checks on that value are:
1. closeTime must be in the future, i.e. greater than the current block.timestamp.
2. closeTime must not exceed block.timestamp + MAX_CONTEST_PERIOD.
deployProxyAndDistribute(), for its part, requires that saltToCloseTime[salt] (the contest's closeTime, looked up by the salt) is not later than the current block.timestamp, i.e. that the contest has already closed. On its own that ordering is expected, since prizes should only be paid out after a contest has ended.
The problem is that there is no lower bound on closeTime in setContest(): nothing stops the organizer from setting closeTime to block.timestamp + 1, so the contest can be closed almost immediately after it is created.
Because deployProxyAndDistribute() only checks that closeTime has passed, the organizer can then deploy the proxy and distribute the prizes in the very next block. The two checks together allow a contest whose effective duration is a single second.
The impact is broken contest logic: a contest can be created and have its prizes distributed within a single block, so participants have no meaningful window in which to take part, and the MAX_CONTEST_PERIOD upper bound gives a false sense that the contest duration is constrained.
Manual code review.
Adjust the contest-timing logic as follows:
1. Set a minimum duration: introduce a MIN_CONTEST_PERIOD lower bound on closeTime in setContest() (closeTime >= block.timestamp + MIN_CONTEST_PERIOD) so that a contest cannot be closed immediately after creation.
2. Adjustment mechanism: allow the contract owner to adjust or invalidate a contest if rapid or otherwise suspicious behaviour is detected, so that a too-short contest can be stopped before deployProxyAndDistribute() is called.
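The two bounds described in the finding and the recommended lower bound, side by side, as an added Solidity sketch; this is illustration code written for this report, not the project's ProxyFactory. The constant values, the error names, the salt derivation via keccak256(abi.encode(organizer, contestId, implementation)) and the owner-only cancelContest() are assumptions made for the example, and access control on setContest() is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Illustration only: not the project's ProxyFactory. All names and values
/// below are assumptions made for this example.
contract ContestTimingExample {
    uint256 public constant MAX_CONTEST_PERIOD = 28 days; // assumed value
    uint256 public constant MIN_CONTEST_PERIOD = 1 days;  // assumed mitigation value

    address public immutable owner;
    mapping(bytes32 => uint256) public saltToCloseTime;

    error CloseTimeNotInFuture();
    error CloseTimeTooFar();
    error CloseTimeTooSoon();
    error ContestAlreadyExists();
    error ContestNotClosed();
    error NotOwner();

    constructor() {
        owner = msg.sender;
    }

    /// Salt as described in the finding: organizer, contest ID and
    /// implementation address (encoding is an assumption).
    function computeSalt(address organizer, bytes32 contestId, address implementation)
        public
        pure
        returns (bytes32)
    {
        return keccak256(abi.encode(organizer, contestId, implementation));
    }

    /// Vulnerable variant: only the two bounds the finding describes.
    /// closeTime = block.timestamp + 1 passes both checks.
    function setContestUnsafe(bytes32 salt, uint256 closeTime) external {
        if (closeTime <= block.timestamp) revert CloseTimeNotInFuture();
        if (closeTime > block.timestamp + MAX_CONTEST_PERIOD) revert CloseTimeTooFar();
        saltToCloseTime[salt] = closeTime;
    }

    /// Hardened variant (recommendation 1): a lower bound guarantees that a
    /// contest stays open for at least MIN_CONTEST_PERIOD.
    function setContest(bytes32 salt, uint256 closeTime) external {
        if (saltToCloseTime[salt] != 0) revert ContestAlreadyExists();
        if (closeTime < block.timestamp + MIN_CONTEST_PERIOD) revert CloseTimeTooSoon();
        if (closeTime > block.timestamp + MAX_CONTEST_PERIOD) revert CloseTimeTooFar();
        saltToCloseTime[salt] = closeTime;
    }

    /// Recommendation 2: the owner can invalidate a contest before prizes
    /// are distributed. Clearing closeTime makes distributeAllowed() false.
    function cancelContest(bytes32 salt) external {
        if (msg.sender != owner) revert NotOwner();
        delete saltToCloseTime[salt];
    }

    /// The gating check deployProxyAndDistribute() relies on: the contest
    /// must exist and its closeTime must already have passed.
    function distributeAllowed(bytes32 salt) public view returns (bool) {
        uint256 closeTime = saltToCloseTime[salt];
        return closeTime != 0 && closeTime <= block.timestamp;
    }

    function deployProxyAndDistribute(bytes32 salt) external {
        if (!distributeAllowed(salt)) revert ContestNotClosed();
        // Proxy deployment and prize distribution would follow here.
    }
}
```

With setContestUnsafe() an organizer can call it in block N with closeTime = block.timestamp + 1 and call deployProxyAndDistribute() in block N+1; with setContest() the same call reverts with CloseTimeTooSoon(), and the owner can still use cancelContest() on a contest that looks suspicious before the close time is reached.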