In src/ConfidencePool.sol, stake() sets expiryLocked = true when the first stake occurs:
A user can perform a minimal stake and then immediately call withdraw(), leaving expiryLocked true. That state permanently blocks setExpiry() because it reverts when expiryLocked is set.
Owner cannot update the pool expiry after the first stake, even when scope changes or a valid extension is needed.
This can freeze owner maintenance and lock the contract into an invalid lifecycle.
Malicious user can keep doing this on all pools being deployed by an aggreement or in the protocal making the expiry update feature totally useless
Consider unlocking expiry updates for cases where a withdraw makes total stake become zero
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.
The contest is complete and the rewards are being distributed.