Severity: high
Valid

Rewards Calculation Problem

Summary

In some cases the rewards paid to voters are calculated incorrectly, and ether remains on the smart contract forever after voting is closed.

Vulnerability Details

The rewards are calculated incorrectly when there is at least one against voter and the result of the vote is for. The calculation divides the rewards by the total number of voters, but it should divide them by the number of for voters.

Impact

The votersFor receive less ether than they should. In addition, some ether remains locked on the smart contract after the voting is closed.
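The arithmetic behind the locked balance, as an added Python model that is not the VotingBooth source. It assumes every for-voter except the last receives the floored share and the last receives the ceiled share, and it uses a constructed 10 ether reward pool; the function names are hypothetical.

```python
# Added model of the payout arithmetic; not the VotingBooth source.
# Assumption: every for-voter but the last gets the floored share and the
# last gets the ceiled share (the two formulas quoted under Recommendations).

WEI_PER_ETHER = 10**18


def ceil_div(a: int, b: int) -> int:
    """Integer ceiling division, like Math.mulDiv(a, 1, b, Math.Rounding.Ceil)."""
    return -(-a // b)


def distribute(total_rewards: int, votes_for: int, votes_against: int, fixed: bool):
    """Return (payouts to the for-voters, wei left in the contract)."""
    if votes_for <= votes_against:
        raise ValueError("model covers only the branch where 'for' wins")
    # Reported behaviour divides by all votes; the recommendation divides by for-votes.
    divisor = votes_for if fixed else votes_for + votes_against
    floor_share = total_rewards // divisor
    last_share = ceil_div(total_rewards, divisor)
    payouts = [floor_share] * (votes_for - 1) + [last_share]
    return payouts, total_rewards - sum(payouts)


def locked_after_vote(total_rewards: int, votes_for: int, votes_against: int):
    """Wei stranded with the reported divisor and with the recommended one."""
    _, reported = distribute(total_rewards, votes_for, votes_against, fixed=False)
    _, patched = distribute(total_rewards, votes_for, votes_against, fixed=True)
    return reported, patched


if __name__ == "__main__":
    reward = 10 * WEI_PER_ETHER  # constructed reward pool, not taken from the page
    for votes_for, votes_against in [(2, 1), (3, 0), (3, 2), (4, 1)]:
        reported, patched = locked_after_vote(reward, votes_for, votes_against)
        print(f"for={votes_for} against={votes_against} "
              f"locked(reported)={reported} locked(recommended)={patched}")
```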

Tools Used

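Foundry test

Test with one vote against and two votes for:

    function testVoteMoreForThanAgainstAndMoneyIsSentToVotersFor() public {
        vm.prank(address(0x1));
        booth.vote(false); // one vote against
        vm.prank(address(0x2));
        booth.vote(true); // first vote for
        vm.prank(address(0x3));
        booth.vote(true); // second vote for

        // Voting must be closed after these three votes.
        assert(!booth.isActive());
        console.log(address(booth).balance);
        // Fails with the current reward calculation: ether is left on the contract.
        assert(address(booth).balance == 0);
    }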

Recommendations

When calculating the rewards for the VotersFor, the amount of ether should be divided by the number of VotersFor and not by the TotalVotes.

The following changes should be made in VotingBooth::_distributeRewards():

loc 172
- uint256 totalVotes = totalVotesFor + totalVotesAgainst;
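Review bot: with the totalVotes declaration deleted at loc 172, any use of totalVotes in _distributeRewards() other than the two replaced at loc 192 and loc 207 will stop compiling. Check the rest of the function for remaining references before removing the variable.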
loc 192
- uint256 rewardPerVoter = totalRewards / totalVotes;
+ uint256 rewardPerVoter = totalRewards / totalVotesFor;
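Review bot: the divisor at loc 192 becomes totalVotesFor, which is zero when nobody voted for, and a zero divisor reverts the call. Confirm this line is only reachable in the branch where the for side wins, and add a short comment saying so.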
loc 207
- rewardPerVoter = Math.mulDiv(totalRewards, 1, totalVotes, Math.Rounding.Ceil);
+ rewardPerVoter = Math.mulDiv(totalRewards, 1, totalVotesFor, Math.Rounding.Ceil);
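Review bot: the Ceil rounding at loc 207 adds at most 1 wei, so if the other voters are paid the floored value from loc 192, a remainder of 2 wei or more from totalRewards / totalVotesFor still stays on the contract. Consider paying the last recipient totalRewards minus the amount already sent, and add a test case where totalRewards is not a multiple of totalVotesFor.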
Updates

Lead Judging Commences

0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

VotingBooth._distributeRewards(): Incorrect computation of rewardPerVoter
