Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
View results
Submission Details
Severity: medium

Functions `deployProxyAndDistributeByOwner` and ` distributeByOwner` doesn't check if the contest is closed or not.

Summary

In the contract ProxyFactory, the functions deployProxyAndDistributeByOwner and distributeByOwner doesn't check if the contest is closed or not.

Vulnerability Details

There are four functions to deploy proxy and distribute the rewards in the contract ProxyFactory. Two of these functions deployProxyAndDistribute and deployProxyAndDistributeBySignature checks the if the contest is closed or not by using the following check if (saltToCloseTime[salt] > block.timestamp) revert ProxyFactory__ContestIsNotClosed(). But other two functions deployProxyAndDistributeByOwner and distributeByOwner doesn't have this check rather those two functions only checks if contest is expired or not. This means that the owner can call these two functions even if the contest isn't closed.

Impact

The owner can distribute the rewards without even the contest is closed.

Tools Used

Manual Review

Recommendations

Add this check to mentioned functions:
if (saltToCloseTime[salt] > block.timestamp) revert ProxyFactory__ContestIsNotClosed()

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.