setPoolImplementation() only checks for address(0). If the owner sets an address that doesn't implement initialize() with the right signature, every future createPool() will silently revert. Existing pools aren't affected since they're already cloned.
Line 137-142 of ConfidencePoolFactory.sol:
No check that the new address has code, implements the right interface, or can be successfully initialized. The owner is trusted, but a typo or wrong address would brick all future pool creation until someone notices and fixes it.
Likelihood: Low — requires the trusted owner to make a mistake or set a malicious address.
Impact: Low — existing pools are unaffected since they are already cloned. Only future createPool() calls would revert. Easily reversible by the owner setting the correct address.
If the owner calls setPoolImplementation(someEOA) where someEOA is an externally owned account with no code, all subsequent createPool() calls will deploy a clone of an empty contract and revert when initialize() is called on it. There is no on-chain guard preventing this.
Add a code-length check at minimum:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.
The contest is complete and the rewards are being distributed.