Beginner Friendly Foundry
Submission Details
Severity: low
Invalid

Proposal can have an even number of voters by entering the same user address multiple times

Summary

The protocol requires an odd number of voters, but the check can be bypassed by adding the same user address to the allow list multiple times.

Vulnerability Details

VotingBooth::constructor, line 95:

// odd number of voters required to simplify quorum check
require(allowListLength % 2 != 0, "DP: Odd number of voters required");

This only checks the length of the given array. The loop that registers voters does not account for duplicate addresses in the array, so the same address can be listed more than once and the number of distinct voters can be even while the length check still passes.

Impact

The requirement of an odd number of voters can be bypassed.

Tools Used

Foundry. The following test was added to VotingBoothTest.t (setUpWithEvenUsers); it deploys a booth with five entries but only four distinct voters, and the constructor accepts it:

function setUpWithEvenUsers() public virtual {
    // deal this contract the proposal reward
    deal(address(this), ETH_REWARD);
    // setup the allowed list of voters: 5 entries, but 0x4 appears twice,
    // so only 4 distinct voters while the length check (5 % 2 != 0) passes
    voters.push(address(0x1));
    voters.push(address(0x2));
    voters.push(address(0x3));
    voters.push(address(0x4));
    voters.push(address(0x4));
    new VotingBooth{value: ETH_REWARD}(voters);
}

Recommendations

The issue does not break anything on its own, as the protocol already handles the case where votesFor equals votesAgainst. The first suggestion is therefore to remove the odd-number-of-voters requirement altogether.

If the protocol still wants to enforce an odd number of voters, this can be fixed by adding a duplicate check to the voter loop in VotingBooth::constructor at line 101 (added line marked with +):

for (; totalVoters < allowListLength; ++totalVoters) {
    // sanity check to prevent address(0) as a valid voter
    address voter = allowList[totalVoters];
    require(voter != address(0), "DP: address(0) not a valid voter");
+   require(!s_voters[voter], "Same user address can not be used again");
    s_voters[voter] = ALLOWED;
}
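
To show the recommended check behaving end to end, here is an added Foundry example that is not part of the original submission or the contest's VotingBooth code. It uses a hypothetical minimal contract (DedupBooth, with an assumed isAllowed getter) that keeps the original odd-length check and adds the duplicate-address check, and it asserts the constructor reverts on the same five-entry, four-distinct-address list used in the finding, reverts on an even-length list, and deploys normally for a distinct odd list:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical minimal booth used only to illustrate the recommended constructor checks.
// It is not the contest's VotingBooth; contract and getter names are assumptions.
contract DedupBooth {
    bool private constant ALLOWED = true;
    mapping(address => bool) private s_voters;
    uint256 public totalVoters;

    constructor(address[] memory allowList) payable {
        uint256 allowListLength = allowList.length;
        // same length check as the original: odd number of entries required
        require(allowListLength % 2 != 0, "DP: Odd number of voters required");

        for (uint256 i = 0; i < allowListLength; ++i) {
            address voter = allowList[i];
            require(voter != address(0), "DP: address(0) not a valid voter");
            // recommended duplicate check: a second occurrence of an address reverts,
            // so the length check now also guarantees an odd number of distinct voters
            require(!s_voters[voter], "Same user address can not be used again");
            s_voters[voter] = ALLOWED;
        }
        totalVoters = allowListLength;
    }

    // assumed getter so the test can inspect the allow list
    function isAllowed(address voter) external view returns (bool) {
        return s_voters[voter];
    }
}

contract DedupBoothTest is Test {
    address[] internal voters;

    function test_duplicateAddressReverts() public {
        // constructed input: 5 entries but only 4 distinct addresses, as in the finding
        voters.push(address(0x1));
        voters.push(address(0x2));
        voters.push(address(0x3));
        voters.push(address(0x4));
        voters.push(address(0x4));
        vm.expectRevert(bytes("Same user address can not be used again"));
        new DedupBooth(voters);
    }

    function test_evenLengthReverts() public {
        // constructed input: 2 distinct addresses, rejected by the original length check
        voters.push(address(0x1));
        voters.push(address(0x2));
        vm.expectRevert(bytes("DP: Odd number of voters required"));
        new DedupBooth(voters);
    }

    function test_distinctOddListDeploys() public {
        // constructed input: 3 distinct addresses, accepted by both checks
        voters.push(address(0x1));
        voters.push(address(0x2));
        voters.push(address(0x3));
        DedupBooth booth = new DedupBooth(voters);
        assertEq(booth.totalVoters(), 3);
        assertTrue(booth.isAllowed(address(0x2)));
        assertFalse(booth.isAllowed(address(0x4)));
    }
}
```

Run with forge test in a Foundry project that has forge-std installed. The first test is the assertion the original setUpWithEvenUsers test lacks: before the fix the deployment succeeds, after the fix it reverts with the new message.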

Updates

Lead Judging Commences

0xnevi (Lead Judge), over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
