The _createContingentPool function does not validate whether _expiryTime is set to a future timestamp. This omission allows a pool to be created with an already expired expiry time, leading to instant expirations and potential disruptions in the protocol’s functionality. An attacker or a negligent user could exploit this loophole to manipulate settlement processes and potentially disrupt expected contract behavior.
Severity: High
Category: Improper Validation / Logical Flaw
Affected Function: _createContingentPool
This vulnerability presents a high risk due to its potential to disrupt normal protocol functionality and allow for unintended financial exploits.
· Users could create pools that are instantly expired, allowing them to bypass fair market conditions.
· Malicious actors could exploit this to force unintended settlements.
Manual
To mitigate this issue, enforce strict validation of _expiryTime before allowing pool creation:
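A minimal sketch of such a check, added here as an example and not the audited project's own code. Only the names _createContingentPool and _expiryTime come from the finding; the contract, struct, error, event, parameter type and helper functions are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration. Everything except the names _createContingentPool and
// _expiryTime is a hypothetical stand-in for the real protocol's storage and API.
contract ExpiryCheckedPools {
    struct Pool {
        address creator;
        uint256 expiryTime; // assumed to be a Unix timestamp in seconds
    }

    // Custom error carries both values so a failed creation is easy to diagnose.
    error ExpiryNotInFuture(uint256 expiryTime, uint256 currentTime);

    event PoolCreated(uint256 indexed poolId, address indexed creator, uint256 expiryTime);

    mapping(uint256 => Pool) public pools;
    uint256 public poolCount;

    function createContingentPool(uint256 _expiryTime) external returns (uint256) {
        return _createContingentPool(_expiryTime);
    }

    function _createContingentPool(uint256 _expiryTime) internal returns (uint256 poolId) {
        // Validate before any state is written. Using <= (not <) also rejects an
        // expiry equal to the current block time, which would make the pool
        // expired in the same block it was created.
        if (_expiryTime <= block.timestamp) {
            revert ExpiryNotInFuture(_expiryTime, block.timestamp);
        }

        poolId = ++poolCount;
        pools[poolId] = Pool({creator: msg.sender, expiryTime: _expiryTime});
        emit PoolCreated(poolId, msg.sender, _expiryTime);
    }

    // Settlement-side view: with the check above, this cannot return true
    // in the block in which the pool was created.
    function isExpired(uint256 poolId) public view returns (bool) {
        Pool storage p = pools[poolId];
        return p.creator != address(0) && block.timestamp >= p.expiryTime;
    }
}
```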
By adding this check, the contract ensures that all contingent pools have a valid and meaningful expiration period, preventing immediate expirations and abuse.