MyCut

Summary

The identified issue concerns the createContest function, which does not emit any event for tracking contest creation and lacks mappings or functions to retrieve contests by index. This deficiency makes it challenging to monitor and retrieve information about specific contests, especially when the index is used within the contract to reference contests.

Vulnerability Details

The createContest function is responsible for initializing new contests within the MyCut protocol. However, the function currently has the following issues:

1. No Event Emission: The function does not emit an event when a new contest is created. Events are crucial in smart contracts for tracking significant actions, enabling off-chain applications (e.g., dApps, analytics tools) to monitor and respond to contract activities.

2. No Mapping or Function to Retrieve Contest by Index: The protocol uses an index to manage contests, but there is no mapping or function to retrieve contest information based on this index. This limitation hinders the ability of users, developers, and auditors to query and interact with specific contests effectively.

Impact

Lack of Transparency: Without events, it becomes difficult to trace contest creation, which can lead to a lack of transparency and trust in the system.

Operational Challenges: The absence of a retrieval mechanism for contests by index complicates the process of managing and interacting with contests, potentially leading to errors or inefficiencies.

Tools Used

Manual Review

Recommendations

Modify the createContest function to emit an event whenever a new contest is created. The event should include relevant details such as the contest index, players, rewards, and total rewards.