First Flight #6: Voting Booth
First Flight #6
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Wrong calculate `_distributeRewards()`

0xfuluz

Summary

Calculate in _distributeRewards()when reward for voter For not correct.

Vulnerability Details

When proposal pass with For result, reward should be distribute to the For voters, but formula to calculate in contract count all voters (totalVotes).

uint256 rewardPerVoter = totalRewards / totalVotes;

Test below will demonstration reward distribute not correct, For votes receiver less reward and remain token will stuck in contract

function testDistributeRewardNotCorrect() public {
console2.log(address(booth).balance);
vm.prank(address(0x1));
booth.vote(true);
vm.prank(address(0x2));
booth.vote(true);
vm.prank(address(0x3));
booth.vote(false);
assert(!booth.isActive() && address(booth).balance > 0);
}

Impact

For votes receiver less reward and remain token will stuck in contract

Tools Used

Manual review & foundry

Recommendations

Reward distribute for voter For should calculate with formula: rewardPerVoter = totalRewards / totalVotesFor and also update round formula : rewardPerVoter = Math.mulDiv(totalRewards, 1, totalVotesFor, Math.Rounding.Ceil);

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

VotingBooth._distributeRewards(): Incorrect computation of rewardPerVoter

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.