Missing Length Validation Between players[] and rewards[] Arrays Leads to Incorrect Reward Mapping

Description

In ContestManager::createContest(), the owner passes two arrays to the Pot constructor:

• players[]

• rewards[]

However, there is no validation ensuring:

Inside the Pot constructor, rewards are assigned using:

If rewards.length < players.length, the loop will attempt to access an out-of-bounds index in i_rewards, causing a revert.

If rewards.length > players.length, some reward values will never be mapped, causing inconsistent accounting between i_totalRewards and actual assigned rewards.

Because no validation exists in either createContest() or the Pot constructor, the contract allows inconsistent array inputs.

Risk

Likelihood: Low

Reason 1:
Only the owner can call createContest(), so this is a misconfiguration risk.

Impact: Medium

Impact 1:
Contest deployment may revert due to out-of-bounds access.

Impact 2:
Reward mapping may become inconsistent, potentially leading to incorrect distribution or locked funds.

Proof of Concept

Scenario 1 — rewards.length < players.length (Revert / DoS)

• Loop in constructor accesses i_rewards[2] → ❌ out-of-bounds → revert

• Contest deployment fails → functional denial of service

Scenario 2 — rewards.length > players.length (Incorrect mapping)

• Extra reward 300 is never assigned → inconsistent accounting

• totalRewards ≠ sum of mapped rewards → logic inconsistency

Recommended mitigation

Validate array lengths before deployment.