Submission Details
Severity: high
Invalid

`VotingBooth::vote` can be front-run to influence the result of the vote

Summary

The vote quorum is reached when 51% of the `totalPossibleVoters` have voted. This poses a major threat if 34% of the `totalPossibleVoters` are sybils or malicious.
A particular scenario is `totalPossibleVoters = 5` with at least 2 malicious users: these two can front-run their vote transactions so that their votes are part of the quorum, giving their votes influence over the others.

Vulnerability Details

`VotingBooth::vote` can be front-run to influence the result of the vote.

Impact

Influencing the vote decision.

Tools Used

Manual review

Proof of Concept

Add this to the test file:

```solidity
function test_34attacK() public {
    // This front-running can also be disguised as a sandwich attack.
    vm.prank(address(0x1)); // suspicious
    booth.vote(true);
    vm.prank(address(0x2)); // suspicious
    booth.vote(true);
    vm.prank(address(0x3)); // good user
    booth.vote(false);
    // The disparity in the balances of the two attackers is based on the precision of the calculation.
    assert(!booth.isActive() && address(0x1).balance != address(0x2).balance && address(0x3).balance == 0);
    console.log(address(0x1).balance);
    console.log(address(0x2).balance);
}
```
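
The test above exercises one transaction ordering. As an added illustration (not part of the original submission or the contest code), the Python model below enumerates every ordering for the five-voter scenario from the Summary and compares the result at quorum with a tally of all ballots. It assumes voting closes as soon as 51% of the voter list has voted and that the proposal passes when "for" ballots outnumber "against" ballots among those counted; all function names are hypothetical.

```python
from itertools import permutations

QUORUM_PERCENT = 51  # from the report: quorum is 51% of totalPossibleVoters


def quorum_size(total_possible_voters):
    """Smallest number of ballots whose share of the voter list is >= 51%."""
    return -(-QUORUM_PERCENT * total_possible_voters // 100)  # integer ceiling


def min_bloc_to_decide(total_possible_voters):
    """Ballots needed for a strict majority inside the quorum window."""
    return quorum_size(total_possible_voters) // 2 + 1


def passes(ballots):
    """Assumption: simple majority of the ballots that are counted."""
    votes_for = sum(ballots)
    return votes_for > len(ballots) - votes_for


def outcome_at_quorum(ordered_ballots, total_possible_voters):
    """Only ballots that land before the quorum closes the vote are tallied."""
    return passes(ordered_ballots[:quorum_size(total_possible_voters)])


def ordering_sensitivity(intents):
    """Return (orderings in which the proposal passes, total orderings)."""
    total = len(intents)
    passing = count = 0
    for order in permutations(range(total)):
        count += 1
        if outcome_at_quorum([intents[i] for i in order], total):
            passing += 1
    return passing, count


if __name__ == "__main__":
    # Constructed sample: 2 voters in favour, 3 against (the report's n = 5 case).
    intents = [True, True, False, False, False]
    passing, count = ordering_sensitivity(intents)
    print("quorum size:", quorum_size(len(intents)))
    print("bloc needed inside quorum:", min_bloc_to_decide(len(intents)))
    print("passes if every ballot is tallied:", passes(intents))
    print(f"orderings that pass at quorum: {passing}/{count}")
```

When the at-quorum result differs across orderings while the full tally does not, the outcome depends on transaction order rather than on voter intent, which is the property a reviewer checks for in early-closing vote designs.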

Recommendations

A consensus on a way to mitigate this attack on the quorum should be introduced.

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
