fundContest is unintentionally called with the same `index`

The `fundContest` function in the `ContestManager` contract is vulnerable because it has no validation check to determine whether the pot has already been funded. Since the function does not verify this, calling it twice with the same `index` could lead to unintended double funding.
If the function is called multiple times with the same `index`, nothing checks whether the pot was already funded, so the pot could be funded multiple times, leading to an excess transfer of tokens.
This could deplete the contest owner's funds and disrupt the contest's reward distribution.

Tools Used
Manual Review
Foundry Test
Add a check to ensure the pot has not been funded before:

```solidity
require(!pot.isFunded(), "Pot has already been funded");
```
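
One way to implement the recommended check, as an added example rather than the audited contract's code: a simplified stand-in manager that tracks a `funded` flag per index instead of calling `pot.isFunded()`. Every name except `fundContest` and `index` is an assumption, and the token is assumed to return a `bool` from `transferFrom`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: simplified stand-in, not the audited ContestManager.
// All names except fundContest and index are assumptions.
interface IERC20Minimal {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract FundOnceManager {
    error AlreadyFunded(uint256 index);
    error NotOwner();
    error TransferFailed();

    struct Contest {
        address pot;           // address that receives the rewards
        IERC20Minimal token;   // reward token
        uint256 totalRewards;  // amount moved on funding
        bool funded;           // set once, checked on every call
    }

    address public immutable owner;
    Contest[] public contests;

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    function addContest(address pot, IERC20Minimal token, uint256 totalRewards)
        external onlyOwner returns (uint256 index)
    {
        contests.push(Contest(pot, token, totalRewards, false));
        return contests.length - 1;
    }

    function fundContest(uint256 index) external onlyOwner {
        Contest storage c = contests[index];
        // The missing check: refuse a second funding of the same index.
        if (c.funded) revert AlreadyFunded(index);
        // Record the state change before making the external call.
        c.funded = true;
        if (!c.token.transferFrom(msg.sender, c.pot, c.totalRewards)) revert TransferFailed();
    }
}
```

A second `fundContest` call with the same `index` reverts with `AlreadyFunded` before any tokens move, and a failed transfer reverts the whole call so the flag is not left set.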