Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low
Valid

Currently, if an organizer signs a request, there is no deadline after which the signature expires

Summary

The current implementation allows an organizer to sign a request so that "someone" can help them submit it for a contest, but these signatures currently have no deadline integrated.

Vulnerability Detail

See the summary. Additionally, note that even if the person is trusted and would act as the organizer suggests (i.e. the organizer relays to them that they no longer want to create the request), another person can just go ahead and forward the meta tx.

One might ask how another person would get hold of the meta tx. In SparkN's contest onboarding video, the team hinted that meta transactions are implemented to help non-tech-savvy users. This means CodeFox would probably have a specific entity or entities that help with this, and someone can just watch them on-chain to see whatever tx they receive.

Impact

The lack of deadlines on signed meta txs means a request is signed for life, which is arguably not the right way to operate.

Tool used

Manual Audit

Recommendation

Refactor the code to integrate deadlines/revokes on signatures.
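
One way such a refactor could look, as an added example that is not the project's own code: an EIP-712 signed request that binds a `deadline` and a per-organizer `nonce`, so a signature expires on its own and can be revoked early. The contract name, function names, struct fields and the use of OpenZeppelin's `EIP712`/`ECDSA` helpers (4.8 or later) are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

// Hypothetical relay target; all names here are illustrative, not Sparkn's.
contract DeadlineBoundRelay is EIP712 {
    bytes32 private constant REQUEST_TYPEHASH = keccak256(
        "Request(bytes32 contestId,bytes32 dataHash,uint256 nonce,uint256 deadline)"
    );
    mapping(address => uint256) public nonces;

    error SignatureExpired(uint256 deadline);
    error InvalidSigner(address recovered);
    event RequestExecuted(address indexed organizer, bytes32 indexed contestId, uint256 nonce);

    constructor() EIP712("DeadlineBoundRelay", "1") {}

    // Revoke: bumping the nonce invalidates any signature the organizer has already handed out.
    function revokePending() external {
        nonces[msg.sender]++;
    }

    function executeBySignature(
        address organizer,
        bytes32 contestId,
        bytes calldata data,
        uint256 deadline,
        bytes calldata signature
    ) external {
        // Expiry: a relayed request is dead once the signed deadline has passed.
        if (block.timestamp > deadline) revert SignatureExpired(deadline);

        // The digest covers the current nonce and the deadline, so neither can be altered by a relayer.
        uint256 nonce = nonces[organizer];
        bytes32 structHash = keccak256(
            abi.encode(REQUEST_TYPEHASH, contestId, keccak256(data), nonce, deadline)
        );
        address recovered = ECDSA.recover(_hashTypedDataV4(structHash), signature);
        if (recovered != organizer) revert InvalidSigner(recovered);

        nonces[organizer] = nonce + 1; // single use: the same signature cannot be forwarded twice
        emit RequestExecuted(organizer, contestId, nonce);
        // The requested action (e.g. creating the contest request) would be performed here.
    }
}
```

With this shape, an organizer who changes their mind calls `revokePending()` from their own address, and a signature that is never relayed stops being usable at `deadline` without any action.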
