Cyfrin / 2023-08-sparkn


[M] EXPIRATION_TIME constant will not apply across contests deployed on different chains, leading to unfair distribution of prizes #845

Closed codehawks-bot closed 1 year ago

codehawks-bot commented 1 year ago

[M] EXPIRATION_TIME constant will not apply across contests deployed on different chains, leading to unfair distribution of prizes

Severity

Medium Risk

Relevant GitHub Links

https://github.com/Cyfrin/2023-08-sparkn/blob/0f139b2dc53905700dd29a01451b330f829653e9/src/ProxyFactory.sol#L179

https://github.com/Cyfrin/2023-08-sparkn/blob/0f139b2dc53905700dd29a01451b330f829653e9/src/ProxyFactory.sol#L205

Summary

During the call to deployProxyAndDistributeByOwner the contract checks if the contest has expired, before deploying the proxy and distributing the prizes.

if (saltToCloseTime[salt] + EXPIRATION_TIME > block.timestamp) revert ProxyFactory__ContestIsNotExpired();

The EXPIRATION_TIME constant is set to 7 days.

Vulnerability Details

However, since chains like Polygon, Optimism, Arbitrum, and BSC have a faster block time than Ethereum, it's very possible that block.timestamp will be greater than the EXPIRATION_TIME constant.

Impact

If this happens, this condition might not be met and prizes will be distributed to winners prematurely, before other participants have had a chance to submit their solutions.

Tools Used

Manual Review

Recommendations

You could use an Oracle to get the current block.timestamp across the desired chains of deployment.

Then use the Oracle to check the current block timestamp before ascertaining if the contest has expired.

PatrickAlphaC commented 1 year ago

the speed doesn't matter here
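
Added example (not part of the issue thread or the SPARKN code base): a Python model of the quoted check. Because block.timestamp is Unix time in seconds, the first block at which distribution is allowed falls at least 7 days after close, whatever the block interval. The block intervals, the close time, and the block-count variant shown for contrast are constructed assumptions.

```python
EXPIRATION_TIME = 7 * 24 * 60 * 60  # Solidity `7 days` is 604800 seconds

def is_expired(close_time, block_timestamp):
    """Model of the quoted check: the call reverts while
    closeTime + EXPIRATION_TIME > block.timestamp."""
    return not (close_time + EXPIRATION_TIME > block_timestamp)

def first_distributable_block(close_time, block_interval):
    """Produce one block every `block_interval` seconds starting at close_time.
    Return (blocks_mined, timestamp) for the first block that passes the check."""
    ts, blocks = close_time, 0
    while not is_expired(close_time, ts):
        ts += block_interval
        blocks += 1
    return blocks, ts

# Hypothetical variant, NOT in ProxyFactory: expiry counted in blocks,
# sized as 7 days of 12-second blocks. This is the design that would drift.
EXPIRATION_BLOCKS = EXPIRATION_TIME // 12

def seconds_until_block_count_expiry(block_interval):
    return EXPIRATION_BLOCKS * block_interval

# Constructed block intervals in seconds, not measurements of real chains.
CONSTRUCTED_INTERVALS = {"chain_12s": 12, "chain_2s": 2, "chain_13s": 13}

def simulate(close_time=1_700_000_000):
    results = {}
    for name, interval in CONSTRUCTED_INTERVALS.items():
        blocks, ts = first_distributable_block(close_time, interval)
        results[name] = {
            "blocks": blocks,
            "timestamp_based_wait_s": ts - close_time,
            "block_count_based_wait_s": seconds_until_block_count_expiry(interval),
        }
    return results

if __name__ == "__main__":
    for chain, row in simulate().items():
        print(chain, row)
```

The number of blocks mined before expiry differs per chain, but the timestamp-based wait never drops below 604800 seconds; only the hypothetical block-count variant shortens on a faster chain.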