The ContestManager::createContest function deploys a new Pot contract using the create opcode, so the Pot address is derived only from the ContestManager's address and its current nonce, and not from the caller that requested the contest:
As stated in the contest documentation, the protocol can be deployed to any EVM-equivalent chain, such as Optimism (https://docs.optimism.io/builders/app-developers/contracts/compatibility) or Polygon (https://docs.polygon.technology/zkEVM/spec/evm-differences/). These chains are, however, susceptible to chain reorganizations. The article at https://protos.com/polygon-hit-by-157-block-reorg-despite-hard-fork-to-reduce-reorgs/ describes an event from last year in which Polygon suffered a 157-block-deep reorg (about 5 minutes long). That window is long enough for an attacker to call createContest themselves and transfer funds to the resulting address, especially with an automated script: because the address depends only on the ContestManager's nonce, the attacker's Pot created in the reorged fork receives the same address that the legitimate organizer's Pot had in the discarded fork, so any transfer the organizer (or a third party) sent to that address now lands in a Pot the attacker controls. Optimistic rollups such as Optimism are also exposed to reorgs: if a fault is proven, blocks that users have already seen confirmed are reverted.
The current method of deploying Pot contracts is therefore not secure: a reorg can result in the theft of the claim rewards sent to a Pot. Given the high impact of this finding but its low likelihood, it is rated a medium-severity issue.
Manual review, vscode
Contract deployment should be done via create2 with a salt that includes msg.sender.
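To make the recommendation concrete, the following is an added illustration written for this report and not the audited project's code. It assumes a minimal stand-in Pot that only records its manager and organizer, and shows the vulnerable create-based deployment next to the create2 variant; the per-organizer counter added to the salt is an assumption needed so that one organizer can open more than one contest without a create2 address collision.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Stand-in for the audited Pot contract (assumption: the real Pot carries the
// reward-distribution logic; only the constructor matters for address derivation).
contract Pot {
    address public immutable manager;
    address public immutable organizer;

    constructor(address organizer_) {
        manager = msg.sender;
        organizer = organizer_;
    }

    receive() external payable {}
}

// Vulnerable pattern: a plain `new` compiles to the CREATE opcode, so the Pot
// address is keccak256(rlp(address(this), nonce)). After a reorg, whoever calls
// createContest first at the same manager nonce gets the same Pot address.
contract ContestManagerCreate {
    address[] public pots;

    function createContest() external returns (address pot) {
        pot = address(new Pot(msg.sender));
        pots.push(pot);
    }
}

// Hardened pattern: `new` with a salt compiles to CREATE2. The salt binds the
// address to msg.sender, so an attacker replaying createContest in the reorged
// fork obtains a different address and cannot intercept transfers aimed at the
// organizer's Pot. A per-organizer counter keeps repeated deployments unique.
contract ContestManagerCreate2 {
    address[] public pots;
    mapping(address => uint256) public deploymentCount; // assumption: per-organizer counter

    function createContest() external returns (address pot) {
        bytes32 salt = keccak256(abi.encode(msg.sender, deploymentCount[msg.sender]++));
        pot = address(new Pot{salt: salt}(msg.sender));
        pots.push(pot);
    }

    // Anyone can precompute the next Pot address for an organizer, which lets a
    // funder verify the destination before sending rewards. The constructor
    // argument is part of the init code, so it is included in the hash.
    function predictPot(address organizer) external view returns (address) {
        bytes32 salt = keccak256(abi.encode(organizer, deploymentCount[organizer]));
        bytes32 initCodeHash = keccak256(
            abi.encodePacked(type(Pot).creationCode, abi.encode(organizer))
        );
        return address(
            uint160(uint256(keccak256(abi.encodePacked(bytes1(0xff), address(this), salt, initCodeHash))))
        );
    }
}
```

Note that create2 only removes the dependency on the manager's nonce; it does not prevent reorgs themselves. Funders should still wait for sufficient finality before treating a Pot as funded, and predictPot is the check that lets them confirm that the address they are paying into belongs to the expected organizer rather than to whoever won the race in the reorged fork.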