First Flight #6: Voting Booth

First Flight #6

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Voting mechanism leads to gas war scenario

emacab98

Summary

The voting mechanism implemented determines the output of a vote as soon as the quorum is reached. With this approach, only the first votes up to the quorum threshold have meaning for the output of the poll. If everyone of the allowed voters wishes to vote, they will have to force their transactions among the first votes, or whatever preference they expressed will not matter to the overall result. In order to be selected among the first voters, they will have to pay higher gas fees, meaning the result of the vote is strongly correlated to the wealth and amount of money each voter has, instead of the real reflection of the will of the voting pool.

Vulnerability Details

The comments in the VotingBooth.sol::votefunction state:

// check if quorum has been reached. Quorum is reached

// when at least 51% of the total allowed voters have cast

// their vote. For example if there are 5 allowed voters:

// first votes For

// second votes For

// third votes Against

// Quorum has now been reached (3/5) and the vote will pass as

// votesFor (2) > votesAgainst (1).

// @auditor what if the remaining two votes (only one necessary, actually) were against but were not included in the block? The output of the poll would be opposite

// This system of voting doesn't require a strict majority to

// pass the proposal (it didn't require 3 For votes), it just

// requires the quorum to be reached (enough people to vote)

As clearly stated by my comment marked with the keyword @auditor, the example scenario shows the main flaw of this voting mechanism: if voters do not outbid each other on gas fees, the result of the vote can be completely different from the actual reflection of the will of the voters.
To represent the issue more schematically, let's consider the example discussed in the provided comments:

five voters are allowed to vote;
with the quorum set at 51%, this means that after the third vote is cast, the remaining two votes are irrelevant, as the result of the poll is computed and the opportunity to vote is de-activated;
all users wishing to vote have to make sure they are picked in the next block, and before - at least - two of the other voters, or their preference will not matter;
to make sure their transaction is inserted before other voters, they must be willing to pay higher gas fees;
users capable of spending more can determine the output of the poll, even if their preference does not match the actual majority.

Impact

A smaller group of voters with larger financial possibilities can determine the result of the entire poll, if they represent the majority of the preferences when the vote counter reaches the quorum.

Tools Used

Manual review, VSCode

Recommendations

Implementing a minimum time threshold to allow everyone to vote represents a potential fix to the issue.
The mechanism of determining the result after the quorum is reached can be maintained, but only if a reasonable amount of time to vote is guaranteed: this way, all users willing to vote can manage to express their preference and determine the result of the poll.

Updates

Lead Judging Commences

0xnevi Lead Judge

over 1 year ago

0xnevi Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Other

Rewards breakdown

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.