A voter voting against leaves funds trapped in the contract.
Summary
In the instance when there is a vote against by a voter but the proposal passes, reward funds are distributed incorrectly leaving funds trapped in the contract, there is no withdraw functionality so the funds are trapped indefinitely.
Vulnerability Details
Rewards per voter are currently calculated by the following
Lets use an example where there are 7 total voters with minimum quorum being reached after 4 votes with 3 "for" votes and 1 "against", if the total reward is 1 ETH, the rewards distribution would be calculated like so
However the rewards are only distributed to the "for" voters
This means a distribution like this :
This leaves 0.25 ETH still in the contract with no method to withdraw
Impact
Funds are lost indefinitely.
Tools Used
Foundry
Recommendations
rewardPerVoter should calculated by totalRewards / totalVotesFor this distributes all reward funds evenly to the "for" voters.
Lead Judging Commences
VotingBooth._distributeRewards(): Incorrect computation of rewardPerVoter
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.