Wrong reward calculations in _distributeRewards() function
Summary
The rewards for the voters for the proposal is calculated in a way that will cause less reward for the voters and permanent loss for the creator as the remaining eth will be locked in the contract .
Vulnerability Details
In VotingBooth.sol:: _distributeRewards() private function the reward is calculated as
uint256 rewardPerVoter = totalRewards / totalVotes;
Whereas it is logically should be distributed among the s_votersFor only to reward them for voting for the proposal, besides that the above calculations will give the voters less amount of reward as it is now divided over larger number and the remaining balance will be locked forever in the contract as the method used to mitigate this is implemented with wrong parameters
if (i == totalVotesFor - 1) {
rewardPerVoter = Math.mulDiv(totalRewards, 1, totalVotes, Math.Rounding.Ceil);//@audit wrong parameters
}
with the given parameters the rewardPerVoter =(totalRewards* 1)/totalVotes // this is exactly the same as the 1st formula;
then it will be rounded up which means it will be incremented by one.
This will not be garanteed to collect all the remaining amount of balance and will leave some funds behind.
Impact
distributing the reward among bigger number of intended voters will:
1- reduce the reward for each voter and,
2- will cause the remainig of the totalReward (after division and rounding up) to get stuck in the contract.
Tools Used
manual review
Recommendations
change the reward calculation to be
and
Lead Judging Commences
VotingBooth._distributeRewards(): Incorrect computation of rewardPerVoter
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.