editPool lacks payoutStart validation check
In createPool there is a check to make sure payoutStart is greater than block.timestamp. Meanwhile, editPool does not repeat this check, so a pool can be updated to pool_.payoutStart < block.timestamp, which is not expected.
Understandably, editPool can update payoutStart if the new value is still greater than block.timestamp, but when editPool is executed after payoutStart has been reached and the payout is running, that check is no longer suitable, therefore we can add:
With this condition check, if editPool is updating a payoutStart that is already in the past, the change should not be allowed; otherwise, it is still allowed.
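One way such a guard could look, as an added example (not the report's own snippet, which is not reproduced on this page, and not the audited contract's code). The contract name, the single-field Pool struct, the error names and the omitted access control are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only. Pool is reduced to the one field the finding
// concerns, and owner-only access control is omitted (assumption).
contract PoolRegistryExample {
    struct Pool {
        uint128 payoutStart;
    }

    Pool[] public pools;

    error InvalidPayoutStart();
    error PayoutAlreadyStarted();

    function createPool(Pool calldata pool_) external {
        // The check the finding says createPool already performs.
        if (pool_.payoutStart <= block.timestamp) revert InvalidPayoutStart();
        pools.push(pool_);
    }

    function editPool(uint256 poolId_, Pool calldata pool_) external {
        Pool storage current = pools[poolId_];

        if (pool_.payoutStart != current.payoutStart) {
            // The stored payoutStart is already in the past: the payout is
            // running, so the start time may no longer be changed.
            if (current.payoutStart <= block.timestamp) revert PayoutAlreadyStarted();

            // The payout has not started yet: the new value must satisfy
            // the same rule createPool enforces.
            if (pool_.payoutStart <= block.timestamp) revert InvalidPayoutStart();
        }

        // An edit that leaves payoutStart unchanged is always accepted here,
        // so other fields of a running pool could still be updated.
        pools[poolId_] = pool_;
    }
}
```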
payoutStart can be set to a value less than block.timestamp.
Manual analysis
Consider adding the code from Vulnerability Details to prevent updating to an invalid payoutStart.