First Flight #6: Voting Booth

First Flight #6

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

One wei left in the contract after distribution when `MIN_FUNDING` is an odd number

wafflemakr

Summary

One wei left in the contract after distribution when MIN_FUNDING is an odd number

Vulnerability Details

Assume the reward calculation bug is fixed and now we are distributing among totalVotesFor amount of voters.

Now, when contract is deployed with an odd number for the MIN_FUNDING, when quorum passes and totalVotesFor is also an odd number, rounding down the rewardPerVoter in VotingBooth.sol#L192 will leave 1 wei left to distribute. Although VotingBooth.sol#L206 tries to account for this, it rounds up and the distribution will end up leaving 1 wei in the contract.

Poc

function testPocOneWeiLeft() public {

vm.prank(address(0x1));

booth.vote(true);

vm.prank(address(0x2));

booth.vote(false);

vm.prank(address(0x3));

booth.vote(false);

vm.prank(address(0x4));

booth.vote(true);

vm.prank(address(0x5));

booth.vote(true);

assertTrue(!booth.isActive());

assertEq(address(booth).balance, 1, "VotingBooth balance");

}

Poc Result

forge test --mt testPocOneWeiLeft -vvv

[⠒] Compiling...

No files changed, compilation skipped

Running 1 test for test/VotingBoothTest.t.sol:VotingBoothTest

[PASS] testPocOneWeiLeft() (gas: 356049)

Logs:

ETH left 10000000000000000001

Voter 0x0000000000000000000000000000000000000001 reward 3333333333333333333

ETH left 6666666666666666668

Voter 0x0000000000000000000000000000000000000004 reward 3333333333333333333

ETH left 3333333333333333335

Voter 0x0000000000000000000000000000000000000005 reward 3333333333333333334

Test result: ok. 1 passed; 0 failed; 0 skipped; finished in 5.34ms

Ran 1 test suites: 1 tests passed, 0 failed, 0 skipped (1 total tests)

Impact

Medium impact, is not a significant lost, but if this contract is used to do multiple different votings, then the funds lost will grow. Besides, this breaks the invariant that the contract should not have any balance after voting is over.

Tools Used

Manual Review
Foundry Fuzzing

Recommendations

Updates

Lead Judging Commences

0xnevi Lead Judge almost 2 years ago

Submission Judgement Published

Validated

Assigned finding tags:

VotingBooth._distributeRewards(): Dust amount can still remain in contract

Rewards breakdown

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.