First Flight #6: Voting Booth

First Flight #6

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Closing a proposal with equal votes will make the protocol unusable.

djanerch

Summary

Close the proposal when both s_votersFor and s_votersAgainst are equal.

Vulnerability Details

The calculation in the vote function is incorrect because the if statement is valid when s_votersFor and s_votersAgainst are equal. This calculation is incorrect because it checks for all votes, not for true or false values:

if (totalCurrentVotes * 100 / s_totalAllowedVoters >= MIN_QUORUM && s_votersFor.length != s_votersAgainst.length) {

// mark voting as having been completed

s_votingComplete = true;

// distribute the voting rewards

_distributeRewards();

}

Impact

Closing a proposal with equal votes will make the protocol unusable.
Change test contract to work with 3 or 7 accounts and add following test case.

function testVoting_PoC() public {

vm.prank(address(0x1));

booth.vote(true);

vm.prank(address(0x2));

booth.vote(false);

//If you want to test test case for 7 accounts uncomment next lines and add 7 accounts in constructor

// vm.prank(address(0x3));

// booth.vote(true);

// vm.prank(address(0x4));

// booth.vote(false);

assertEq(booth.isActive(), false);

}

This test shows how two addresses vote; the first address votes true, the second address votes false, and the booth.isActive() function returns false. There is no 51% maturity, but the contract closes the proposal.

Tools Used

Manual Review

Recommendations

Check for s_votersFor.length and s_votersAgainst.length to be different.

+if (totalCurrentVotes * 100 / s_totalAllowedVoters >= MIN_QUORUM && s_votersFor.length != s_votersAgainst.length)

Updates

Lead Judging Commences

0xnevi Lead Judge

almost 2 years ago

0xnevi Lead Judge almost 2 years ago

Submission Judgement Published

Validated

Assigned finding tags:

VotingBooth.vote: In certain scenarios, proposal can pass when for and against votes are equal

t0x1c Auditor

almost 2 years ago

billobaggebilleyan Auditor

almost 2 years ago

0xnevi Lead Judge

almost 2 years ago

djanerch Submitter

almost 2 years ago

0xnevi Lead Judge

almost 2 years ago

0xnevi Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: Design choice

Rewards breakdown

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.