The rewardPerVoter value is subject to rounding errors, which might lock funds at the expense of the vote proposal creator. It might also allow an attacker to withdraw these funds from the contract, or cause an error in an amount calculated later.
For every voter except the last, this calculation is made:
uint256 rewardPerVoter = totalRewards / totalVotes;
This is prone to rounding errors, which might lead to funds not being paid out to the users who voted for, and instead getting locked up in the contract.
This might lead to locked funds, or to attackers being able to withdraw funds at a later date.
Use the OpenZeppelin math library so that the rounding error is as small (as close to zero) as it can be.
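The truncation described above can be measured with a short Python model of Solidity's uint256 division. This is an added example, not code from the audited contract. The function names, the 10 ether pool and the remainder-to-last-voter mitigation are assumptions made for illustration, and that mitigation is a different approach from the library-based rounding recommended above.

```python
# Added example: Python model of Solidity's truncating uint256 division.
WEI = 10**18  # 1 ether expressed in wei


def floor_payouts(total_rewards: int, total_votes: int) -> list[int]:
    """Pay every voter totalRewards / totalVotes, truncated as Solidity does.

    Assumption: the quoted line is applied to each voter; the page does not
    show the last voter's branch, so it is not modelled here.
    """
    if total_votes == 0:
        raise ZeroDivisionError("Solidity reverts on division by zero")
    reward_per_voter = total_rewards // total_votes
    return [reward_per_voter] * total_votes


def locked_dust(total_rewards: int, payouts: list[int]) -> int:
    """Wei still held by the contract after all payouts."""
    return total_rewards - sum(payouts)


def remainder_to_last_payouts(total_rewards: int, total_votes: int) -> list[int]:
    """Hypothetical mitigation: the last voter receives the unpaid balance."""
    payouts = floor_payouts(total_rewards, total_votes)
    payouts[-1] += locked_dust(total_rewards, payouts)
    return payouts


def worst_case_dust(total_rewards: int, max_votes: int) -> tuple[int, int]:
    """(dust, voter count) with the most wei left behind, up to max_votes."""
    return max((total_rewards % n, n) for n in range(1, max_votes + 1))


if __name__ == "__main__":
    total = 10 * WEI  # constructed sample: a 10 ether reward pool
    for votes in (3, 6, 7):
        naive = locked_dust(total, floor_payouts(total, votes))
        fixed = locked_dust(total, remainder_to_last_payouts(total, votes))
        print(f"{votes} voters: {naive} wei locked, {fixed} wei after fix")
    print("worst case up to 10 voters:", worst_case_dust(total, 10))
```

The locked amount is always totalRewards modulo totalVotes, so it is strictly less than the number of voters in wei per distribution.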