The RocketJoeFactory.createRJLaunchEvent requires that no previous launch event was already created for the _token.
```solidity
function createRJLaunchEvent(
    address _issuer,
    uint256 _phaseOneStartTime,
    address _token,
    uint256 _tokenAmount,
    uint256 _tokenIncentivesPercent,
    uint256 _floorPrice,
    uint256 _maxWithdrawPenalty,
    uint256 _fixedWithdrawPenalty,
    uint256 _maxAllocation,
    uint256 _userTimelock,
    uint256 _issuerTimelock
) external override returns (address) {
    require(
        // @audit I can frontrun and grief if I own even a single token of this
        getRJLaunchEvent[_token] == address(0),
        "RJFactory: token has already been issued"
    );
    require(_token != address(0), "RJFactory: token can't be 0 address");
    require(_token != wavax, "RJFactory: token can't be wavax");
    require(
        _tokenAmount > 0,
        "RJFactory: token amount needs to be greater than 0"
    );
    require(
        IJoeFactory(factory).getPair(wavax, _token) == address(0),
        "RJFactory: pair already exists"
    );
    // ...
}
```
A griefer who owns a single `_token` amount can call `createRJLaunchEvent` with undesirable parameters and prevent the `_token` creators from creating a real launch event.
Recommendation
Consider allowing multiple launch events for the same token.
Handle
cmichel
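One way to follow the recommendation, as an added sketch that is not part of the original report or the Rocket Joe code base: the factory keeps a list of launch events per token instead of a single slot, so an earlier event no longer blocks a later one. `LaunchEventStub`, `MultiEventFactory`, `LaunchEventCreated`, `numLaunchEvents` and the reduced parameter list are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not Rocket Joe code. LaunchEventStub stands in for the
// real launch event; only the bookkeeping relevant to the finding is modelled.
contract LaunchEventStub {
    address public immutable issuer;
    address public immutable token;
    uint256 public immutable floorPrice;

    constructor(address _issuer, address _token, uint256 _floorPrice) {
        issuer = _issuer;
        token = _token;
        floorPrice = _floorPrice;
    }
}

contract MultiEventFactory {
    // token => every launch event created for it
    // (the audited factory stores a single address per token)
    mapping(address => address[]) private launchEvents;

    // Hypothetical event name, lets indexers tell events apart by issuer.
    event LaunchEventCreated(address indexed token, address indexed issuer, address launchEvent);

    function createRJLaunchEvent(
        address _issuer,
        address _token,
        uint256 _floorPrice
    ) external returns (address launchEvent) {
        require(_token != address(0), "RJFactory: token can't be 0 address");
        // No "token has already been issued" check: an event created earlier
        // by another caller cannot deny this one.
        launchEvent = address(new LaunchEventStub(_issuer, _token, _floorPrice));
        launchEvents[_token].push(launchEvent);
        emit LaunchEventCreated(_token, _issuer, launchEvent);
    }

    function numLaunchEvents(address _token) external view returns (uint256) {
        return launchEvents[_token].length;
    }

    // Index-based lookup replaces the single-address getter.
    function getRJLaunchEvent(address _token, uint256 _index) external view returns (address) {
        return launchEvents[_token][_index];
    }
}
```

Callers that previously read one address per token now have to choose among several events, for example by checking the stub's `issuer`.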