Single owner controls winner selection
Root + Impact
Description
A single owner address has unilateral control over winner selection. This creates a single point of failure where users must place complete trust in one entity to fairly determine outcomes that control fund distribution.
Risk
Likelihood: Medium
-
Owner's private key stolen
-
Owner intentionally selects wrong winner to benefit themselves or associates
-
Owner accidentally selects wrong team
-
Owner forced to select specific winner through legal or physical threats
-
Owner cannot set winner due to death or incapacitation
Impact: High
-
Funds permanently locked (if winner never set)
-
Wrong team selected (intentionally or accidentally)
Proof of Concept
Recommended Mitigation
Implement Multi-Sig: e.g. require 3-of-5 signatures for setWinner()
Integrate Oracle: request sports result from Oracle, verifies real-world outcome
Decentralized Governance: token-based voting for winner selection
Appeal created
The winner is set by the owner
This is owner action and the owner is assumed to be trusted and to provide correct input arguments.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.