Submission Details
Severity: high
Valid

Funds can get stuck on the contract.

Summary

The contract allows only 3, 5, 7 or 9 voters. Let's say there are 5 voters; that means the quorum is reached when 3 people vote.
If two people vote 'True' and one votes 'False', the funds are divided by the number of voters (3), and each voter who voted 'True' is sent 1/3 of the funds. The final portion of the funds (the remaining 1/3) is left on the contract and stuck, because there is no function to withdraw the remaining funds.

Vulnerability Details

POC:

function testVotePassesButOneVotesFalseAndMoneyAreStuck() public {
    // Needs forge-std's Test (for vm) and console in the enclosing test contract.
    // Two 'True' votes and one 'False' vote complete the voting.
    vm.prank(address(0x1));
    booth.vote(true);
    vm.prank(address(0x2));
    booth.vote(true);
    vm.prank(address(0x3));
    booth.vote(false);

    // Voting again is impossible, so there is no way to release the stuck funds.
    vm.expectRevert("DP: voting has been completed on this proposal");
    vm.prank(address(0x4));
    booth.vote(true);

    // Log the final balances of the proposer, the voters and the booth.
    console.log("Address proposer balance is:", address(this).balance);
    console.log("Address 1 balance is:", address(0x1).balance);
    console.log("Address 2 balance is:", address(0x2).balance);
    console.log("Address 3 balance is:", address(0x3).balance);
    console.log("Address Booth balance is:", address(booth).balance);
}

Impact

High, as this leads to a loss of funds, which remain stuck on the contract.

Tools Used

Foundry

Recommendations

One way is to send all the funds to the people who voted 'True'.
Another way is to send the funds remaining after voting to the 'Creator'.
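
The first recommendation, as an added sketch that is not the audited contract's code: it places the split described in the Summary next to a split over the 'True' voters only. The contract name, function names and storage layout are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration with hypothetical names; NOT the audited VotingBooth code.
// Functions are external only so a test can call them directly; a real
// contract would run the payout internally once voting completes.
contract RewardSplitSketch {
    address[] private votersFor; // addresses that voted 'True'
    uint256 private votesAgainst; // number of 'False' votes
    bool private paid; // the payout may run only once

    constructor(address[] memory forVoters, uint256 againstCount) payable {
        votersFor = forVoters;
        votesAgainst = againstCount;
    }

    // Pattern described in the finding: the share is computed from all votes
    // cast, yet only the 'True' voters are paid.
    function distributeAsReported() external {
        require(!paid, "already paid");
        paid = true;
        uint256 share = address(this).balance / (votersFor.length + votesAgainst);
        for (uint256 i = 0; i < votersFor.length; ++i) {
            _send(votersFor[i], share);
        }
        // With 2 'True' votes and 1 'False' vote, 1/3 of the balance stays here.
    }

    // Corrected split: divide by the 'True' voters only and give the
    // integer-division remainder to the last payee.
    function distributeFixed() external {
        require(!paid, "already paid");
        paid = true;
        uint256 n = votersFor.length;
        require(n > 0, "no 'True' voters");
        uint256 total = address(this).balance;
        uint256 share = total / n;
        for (uint256 i = 0; i < n; ++i) {
            _send(votersFor[i], i == n - 1 ? total - share * (n - 1) : share);
        }
        // The amounts sent sum exactly to `total`, so nothing is left behind.
    }

    function _send(address to, uint256 amount) private {
        (bool ok,) = payable(to).call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

The sketch pushes payments in a loop, so a recipient that reverts on receipt blocks the whole payout; that simplification is the sketch's own.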

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

VotingBooth._distributeRewards(): Incorrect computation of rewardPerVoter
