A vulnerability in the VotingBooth smart contract causes part of the rewards funding to be irrecoverable.
When a reward distribution is triggered and the proposal passes, the following code is executed.
Here, the reward for each individual "For" voter, declared as rewardPerVoter, is set to the total rewards divided by the total number of votes.
This is wrong: the total rewards to give to the "For" voters should be divided by the number of "For" voters, not the total number of voters, which also counts the "Against" voters in the split.
The error is also hinted at by the code block that follows, which properly sends individual rewards to totalVotersFor addresses.
The only situation where this contract executes successfully is the one where all the addresses that voted before reaching quorum are "For" voters.
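The arithmetic described above, modelled in Python as an added example (this is not the contract's code). The function and parameter names are hypothetical, a passing proposal is assumed to mean more "For" than "Against" votes, and amounts are in wei with floor division as in Solidity.

```python
# Constructed model of the payout arithmetic; not the VotingBooth source.
ETHER = 10**18  # wei per ether


def distribute(total_rewards, votes_for, votes_against, fixed=False):
    """Return (reward_per_voter, paid_out, stuck) in wei for a passed proposal.

    fixed=False divides by all votes (the behaviour described above);
    fixed=True divides by the "For" votes only (the recommended change).
    """
    if votes_for <= votes_against:
        raise ValueError("model covers only proposals that passed")
    divisor = votes_for if fixed else votes_for + votes_against
    reward_per_voter = total_rewards // divisor  # floor division, like uint256
    paid_out = reward_per_voter * votes_for      # only "For" voters are paid
    return reward_per_voter, paid_out, total_rewards - paid_out


def stuck_by_outcome(total_rewards, total_votes, fixed=False):
    """Map every passing (for, against) split to the wei left unpaid."""
    stuck = {}
    for votes_for in range(total_votes // 2 + 1, total_votes + 1):
        votes_against = total_votes - votes_for
        stuck[(votes_for, votes_against)] = distribute(
            total_rewards, votes_for, votes_against, fixed)[2]
    return stuck


if __name__ == "__main__":
    rewards = 10 * ETHER  # constructed sample: 10 ether funded, 5 votes cast
    for label, fixed in (("total votes", False), ('"For" votes', True)):
        print(f"dividing by {label}:")
        for split, wei in stuck_by_outcome(rewards, 5, fixed).items():
            print(f"  for/against {split}: {wei} wei left in the contract")
```

Even with the corrected divisor, floor division can leave up to one wei less than the number of "For" voters behind as rounding dust (1 wei in the 3/2 split of this sample).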
High. The vulnerability causes loss of funds and underwhelming rewards for proposal voters.
None.
Replace line 192:
with the following line:
fixes the vulnerability.