_firstGoodFaithCorruptedAt is set once, on the first good-faith CORRUPTED flag, and is
never reset on any later re-flag. This is intentional as an anti-extension measure, but it
also defeats a legitimate correction to the named attacker address.
If a moderator flags good-faith CORRUPTED naming the wrong attacker (e.g. a typo), and
later corrects it, corruptedClaimDeadline stays anchored to the original, wrong flag.
Likelihood:
Moderators correcting a mistaken attacker address is a realistic operational scenario.
Original observation ([friend]'s finding): the lockout triggers via a SURVIVED detour
and elapsed time (flag A → re-flag SURVIVED → wait → re-flag B).
Extension (this submission): the same lockout is reachable via a simpler, more direct
path — a moderator correcting A to B with zero elapsed time and zero prior claims,
no SURVIVED detour required.
Impact:
The correctly-named whitehat is permanently denied their bounty.
The entire pool (stakers' principal + bonus) becomes immediately sweepable to
recoveryAddress instead of ever reaching the rightful claimant.
attacker (standing in for a moderator typo),attackerB as the correction -- no SURVIVED detour, noThe contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.
The contest is complete and the rewards are being distributed.