From the codebase, the expiryLocked is the pool's one way commitment latch, once it is set. the setExpiry is permanently disabled.
Per the actor table, the sponsors authority over expiry is explicitly scoped:
cannot alter
expiryafter the first stake.
In practice, the latch is wired to only of the two deposit-shaped entry points.
and then we have the contributeBonus function:
From Observation, the contributeBonus() function shares every other structural property of the stake() function i.e:
The same
UNRESOLVED/pre-expiry/registry-gating checks.
The same balance-diff basedsafeTransferFrompull.
Lastly, the same permissionless capability.
But it never touches/updates the expiryLocked flag.
Capital commitment via the contributeBonus() function is therefore not recognized by the latch as a "first commitment" event, even though it is real, irreversible capital sitting in the pool from the moment it lands.
This is more of a direct deviation from the documentated limitation:
"Cannot alter expiry after the first stake"
Yes, Bonus contributors have no claim rights on the funds, so this isn't a direct principal-theft path but this is more of a real, sponsor-triggerable divergence between actual contract behaviour.
Would recommend placing this in the ConfidencePool.t.sol file.
Set the latch in contributeBonus function as well, mirroring stake()
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.
The contest is complete and the rewards are being distributed.