Severity: high
Valid

Reward is not correctly distributed to FOR voters

Summary

The reward sent to each FOR voter is computed by dividing the total reward by the entire population of voters, not by the number of FOR voters.

Vulnerability Details

If the count of AGAINST voters (s_votersAgainst) exceeds zero, the total number of votes exceeds the number of votes in favor (totalVotes > totalVotesFor). Because the reward per voter (rewardPerVoter) is calculated as the total rewards divided by the total votes, the FOR voters do not receive the full reward between them. As a result, a portion of the ETH remains held in the contract whenever rewards are distributed.

Impact

The proportion of ETH associated with the AGAINST voters will definitely be stuck in the contract, as the reward sent to FOR voters will not cover 100% of the reward.

Proof of Concept

    function testWrongAmountIsSent() public {
        // The booth starts out holding the full reward.
        assert(address(booth).balance == ETH_REWARD);

        // Two FOR votes and one AGAINST vote.
        vm.prank(address(0x1));
        booth.vote(true);
        vm.prank(address(0x2));
        booth.vote(true);
        vm.prank(address(0x3));
        booth.vote(false);

        // Only the FOR voters are paid.
        assert(address(0x1).balance != 0);
        assert(address(0x2).balance != 0);
        assert(address(0x3).balance == 0);

        // Voting is closed, yet a third of the reward is still in the contract.
        assert(!booth.isActive() && address(booth).balance == (ETH_REWARD / 3));
    }

Tools Used

Manual Review / Foundry

Recommendations

We recommend dividing totalReward by the totalVotesFor variable instead of totalVotes, so that no ETH gets stuck in the contract.
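
The arithmetic behind the finding and the recommended fix, as an added example that is not part of the original submission or the VotingBooth code: a Python model of the payout in wei, run on the same votes as the proof of concept. The `distribute` function, the `ETH_REWARD` value, and the hand-off of the division remainder to the last FOR voter are assumptions made for illustration.

```python
"""Added model of the payout arithmetic in this finding; not the VotingBooth source."""

ETH_REWARD = 9 * 10**18  # constructed value in wei; the page does not state ETH_REWARD


def distribute(total_rewards, votes, fixed):
    """Pay FOR voters and return (payouts, wei left in the contract).

    votes: list of (address, in_favor) pairs in voting order.
    fixed=False divides by every vote cast (the reported bug);
    fixed=True divides by FOR votes only (the recommendation).
    """
    voters_for = [addr for addr, in_favor in votes if in_favor]
    if not voters_for:
        raise ValueError("this model only covers the path that pays FOR voters")
    denominator = len(voters_for) if fixed else len(votes)
    reward_per_voter = total_rewards // denominator  # floor, like Solidity uint division
    payouts = {addr: reward_per_voter for addr in voters_for}
    if fixed:
        # Assumption beyond the page: the last FOR voter also receives the
        # division remainder, so no dust is left behind either.
        payouts[voters_for[-1]] += total_rewards - reward_per_voter * len(voters_for)
    return payouts, total_rewards - sum(payouts.values())


# Same votes as the proof of concept: 0x1 and 0x2 vote FOR, 0x3 votes AGAINST.
POC_VOTES = [("0x1", True), ("0x2", True), ("0x3", False)]

if __name__ == "__main__":
    for fixed in (False, True):
        payouts, stuck = distribute(ETH_REWARD, POC_VOTES, fixed)
        print("fixed" if fixed else "buggy", payouts, "stuck:", stuck)
```

With the buggy denominator the stuck amount is the AGAINST share of the reward, which matches the balance the proof of concept asserts; with the FOR-only denominator it is zero.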

Updates

Lead Judging Commences

0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

VotingBooth._distributeRewards(): Incorrect computation of rewardPerVoter
