Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Severity: medium

Centralization Risk for trusted organizers

Summary

According to the provided link on "Centralization Risk for trusted owners", I believe that the Organizer also carries a centralization risk. As described in the documentation, "The Sponsor is the person providing financial support. Sponsors can be anyone, including the Organizer." This implies that Organizer = Sponsor is possible, which could potentially lead to unexpected situations.

Vulnerability Details & Impact

  1. Anyone can become an organizer, including the sponsor. This gives the organizer excessive power since one person can hold multiple roles, which could lead to malicious behavior, such as distributing rewards to acquaintances or oneself, prematurely ending the competition after obtaining a solution, or in the case of sponsor = organizer, running away with the funds after obtaining a solution.

  2. If supporters do not anonymize their submissions, it could result in covert operations.

  3. Even though there is the possibility of off-chain identity verification for organizers, I still see a significant level of susceptibility to manipulation within this protocol.

Tools Used

  • Manual Review

Recommendations

  • In my understanding, Sparkn is similar to the Immunefi auditing platform.

  • My suggestion is to differentiate the roles of organizer and sponsor. Similar to the @codehawks platform, anonymize the solutions submitted by each supporter. The organizer can be any auditing platform (such as @code4rena, @sherlock, @codehawks), while the sponsor should only be the project itself, such as "sparkn" or "Beedle - Oracle free perpetual lending," and should not simultaneously hold the role of organizer.
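As an added illustration of the role separation recommended above (this is not Sparkn's own code; the contract, function and role names are assumptions, and native ETH is used instead of an ERC20 pool for brevity), a contest registry can refuse to register an organizer who is also the sponsor, fix the close time at registration so the organizer cannot end the contest early, and reject any payout to either role:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contest registry (not Sparkn's ProxyFactory) enforcing organizer != sponsor.
contract ContestRegistry {
    struct Contest {
        address organizer; // runs the contest and proposes the distribution
        address sponsor;   // funds the contest; must differ from organizer
        uint256 pool;      // wei deposited by the sponsor
        uint256 closeTime; // distribution allowed only after this timestamp
    }

    address public immutable platform; // assumed platform operator (deployer)
    mapping(bytes32 => Contest) public contests;
    constructor() { platform = msg.sender; }

    // Only the platform registers contests, and the two roles must be distinct addresses.
    function registerContest(bytes32 id, address organizer, address sponsor, uint256 closeTime) external {
        require(msg.sender == platform, "not platform");
        require(organizer != sponsor, "organizer must not be sponsor");
        require(contests[id].organizer == address(0), "contest exists");
        contests[id] = Contest(organizer, sponsor, 0, closeTime);
    }

    // Funding is accepted only from the registered sponsor.
    function fund(bytes32 id) external payable {
        require(msg.sender == contests[id].sponsor, "not sponsor");
        contests[id].pool += msg.value;
    }

    // The organizer may distribute only after closeTime (set by the platform, not the
    // organizer), and neither the organizer nor the sponsor may be among the winners.
    function distribute(bytes32 id, address payable[] calldata winners, uint256[] calldata amounts) external {
        Contest storage c = contests[id];
        require(msg.sender == c.organizer, "not organizer");
        require(block.timestamp >= c.closeTime, "contest still open");
        require(winners.length == amounts.length, "length mismatch");
        uint256 total;
        for (uint256 i = 0; i < winners.length; i++) {
            require(winners[i] != c.organizer && winners[i] != c.sponsor, "self-payout");
            total += amounts[i];
        }
        require(total <= c.pool, "exceeds pool");
        c.pool -= total; // effects before interactions
        for (uint256 i = 0; i < winners.length; i++) {
            (bool ok, ) = winners[i].call{value: amounts[i]}("");
            require(ok, "transfer failed");
        }
    }
}
```

The checks in `distribute` only block direct self-payout; paying an acquaintance's address is still possible on-chain, which is why the submission also asks for anonymized solutions and off-chain identity review.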
