MyCut

First Flight #23
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Invalid

Lack of Check for Existing `Pot` Contracts in `ContestManager`

Summary

The createContest function creates a new Pot contract for each contest without verifying whether an identical Pot contract already exists.

Vulnerability Details

The createContest function is responsible for creating a new Pot contract for each contest using the provided players, rewards, token, and totalRewards parameters.

```solidity
function createContest(address[] memory players, uint256[] memory rewards, IERC20 token, uint256 totalRewards)
    public
    onlyOwner
    returns (address)
{
    // Create a new Pot contract
    Pot pot = new Pot(players, rewards, token, totalRewards);
    contests.push(address(pot));
    contestToTotalRewards[address(pot)] = totalRewards;
    return address(pot);
}
```

The function does not perform any check to determine if a Pot contract with identical parameters already exists before creating a new one.

Impact

Creating multiple Pot contracts with the same parameters consumes unnecessary gas and storage resources, leading to higher operational costs. Also, users might be confused about which Pot contract to interact with, especially if they inadvertently interact with a duplicate contract. This could lead to disputes or mistakes in contest participation or reward distribution.

Tools Used

Manual Review

Recommendation

Implement a mechanism to check whether a Pot contract with identical parameters (players, rewards, token, and totalRewards) already exists before creating a new one. This could involve storing a hash of these parameters and checking if a contract with the same hash has already been created. If an identical Pot contract exists, return its address instead of creating a new one, preventing the creation of duplicates.
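One way to implement the hash check described above, as an added example that is not the project's code. The contract name `DedupContestManager`, the mapping `potByParamsHash`, the inline `onlyOwner` modifier, and the minimal `IERC20` and `Pot` stand-ins are assumptions made so the file compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. IERC20 and Pot below are minimal
// stand-ins so the file compiles alone; the real Pot has more logic.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract Pot {
    constructor(address[] memory, uint256[] memory, IERC20, uint256) {}
}

contract DedupContestManager {
    address public immutable owner;
    address[] public contests;
    mapping(address => uint256) public contestToTotalRewards;
    // Hypothetical addition: parameter hash => Pot already deployed for it.
    mapping(bytes32 => address) public potByParamsHash;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    function createContest(
        address[] memory players,
        uint256[] memory rewards,
        IERC20 token,
        uint256 totalRewards
    ) public onlyOwner returns (address) {
        // abi.encode (not encodePacked) keeps array boundaries unambiguous,
        // so ([a,b],[c]) and ([a],[b,c]) cannot hash to the same key.
        bytes32 key = keccak256(abi.encode(players, rewards, address(token), totalRewards));
        address existing = potByParamsHash[key];
        if (existing != address(0)) {
            return existing; // identical parameters: reuse, deploy nothing
        }
        Pot pot = new Pot(players, rewards, token, totalRewards);
        potByParamsHash[key] = address(pot);
        contests.push(address(pot));
        contestToTotalRewards[address(pot)] = totalRewards;
        return address(pot);
    }
}
```

The key is order-sensitive: the same players and rewards listed in a different order hash differently and still deploy a new Pot.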

Updates

Lead Judging Commences

equious Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
