FestivalPass.sol:createPerformance does not check for duration of the performance properly

Description

The function FestivalPass.sol:createPerformance only checks that the duration is greater than zero. This mean performances with and extremely short duration (e.g 1 sec) is also allowed. Given the unpredictable timing of block confirmations, such a short window can result in :

• Users being unable to participate or register attendance.

• Increased risk of race conditions, where only one or few users succeed in interacting with the contract in time.

• Potential DoS-style spamming of the platform with unusable events.

Risk

Likelihood:

• In a blockchain environment where transactions are confirmed with delays, short durations are inherently prone to race conditions or failures for participants.

• It is very easy for an organizer (malicious or negligent) to create a performance with a duration of 1–2 seconds.

Impact:

• Performances lasting for 1 or 2 seconds could make it impossible for most users to interact

• Malicious organizers could create many ultra-short performances that clog up event listings without offering meaningful participation opportunities.

Proof of Concept

Recommended Mitigation

Add a minimum duration threshold for performance for both minumum and maximum allowed duration for any performance