Submission Details
Severity: high
Invalid

s_totalAllowedVoters contains an incorrect number of allowed voters

Summary

The value stored in s_totalAllowedVoters is one less than the real number of allowed voters in allowList; the storage of total voters is updated only once.

Vulnerability Details

In the VotingBooth::constructor() the local variable totalVoters is assigned to the storage variable s_totalAllowedVoters of the total number of allowed voters. However, in the for loop, just before the assignment, totalVoters goes from 0 to allowListLength - 1.

File: src/VotingBooth.sol

```solidity
// cache total voters to prevent multiple storage writes
uint256 totalVoters;

// store addresses allowed to vote on this proposal
// 1st iteration: totalVoters = 0
// 2nd iteration: totalVoters = 1
// ...
// last (allowListLength th) iteration: totalVoters = allowListLength - 1
for (; totalVoters < allowListLength; ++totalVoters) {
    // ...
}
```

This means that, at the end of the for loop, the value of totalVoters is allowListLength - 1 and therefore the value of s_totalAllowedVoters as well after the assignment.

Impact

Voting could be considered completed when it isn't, and rewards distributed when the vote should be continuing.

Tools Used

Manual review

Recommendations

Change `s_totalAllowedVoters = totalVoters;` to `s_totalAllowedVoters = allowListLength;`.

Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Other
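
A Foundry test that checks what the counter holds when the loop quoted in the submission exits, added here as an example and not taken from the submission or from the VotingBooth code base. LoopCounterDemo and s_allowed are hypothetical stand-ins built around the quoted declaration and loop header; the loop body and the addresses are constructed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in: reproduces only the counter pattern quoted above,
// not the real VotingBooth contract.
contract LoopCounterDemo {
    uint256 public s_totalAllowedVoters;
    mapping(address => bool) public s_allowed; // assumed loop body target

    constructor(address[] memory allowList) {
        uint256 allowListLength = allowList.length;

        // cache total voters to prevent multiple storage writes
        uint256 totalVoters;
        for (; totalVoters < allowListLength; ++totalVoters) {
            s_allowed[allowList[totalVoters]] = true;
        }

        // ++totalVoters also runs after the last body execution, so the loop
        // only exits once totalVoters < allowListLength is false, that is,
        // when totalVoters == allowListLength.
        s_totalAllowedVoters = totalVoters;
    }
}

contract LoopCounterDemoTest is Test {
    // Fuzzed over list lengths 0..50; the addresses are constructed values.
    function testFuzz_storedCountMatchesListLength(uint8 rawLen) public {
        uint256 len = bound(rawLen, 0, 50);
        address[] memory allowList = new address[](len);
        for (uint256 i; i < len; ++i) {
            allowList[i] = address(uint160(i + 1));
        }

        LoopCounterDemo demo = new LoopCounterDemo(allowList);

        // The stored total equals the list length, including the empty list.
        assertEq(demo.s_totalAllowedVoters(), len);
    }
}
```

Placed under a Foundry project's test directory, it runs with `forge test --match-contract LoopCounterDemoTest`.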
