Submission Details
Severity: high
Valid

Wrong distribution of rewards between voters

Summary

Rewards are distributed incorrectly between voters. The reward amount is divided among all allowed voters, but only the "for" voters receive a payout. The rest of the rewards remain locked in the contract.

Vulnerability Details

The "_distributeRewards" function distributes the rewards. If the vote is successful, the contract's logic is to divide the total amount of funds among the "for" voters. The issue is that this amount is divided by the number of all voters, while only users from the "s_votersFor" list receive it. As a result, each "for" voter receives a smaller share than they should.
For example, the creator sends 5 ethers to the contract and adds 9 voters. There are 4 votes for and 1 against, and voting is over. The value of "rewardPerVoter" is 1 ether, so 4 voters receive 1 ether each. The rest (1 ether) is locked in the contract.

Paste this code in VotingBoothTest.sol:

function testVotePassedAndMoneyLockedOnContract() public {
    // Two votes "for" and one "against"
    vm.prank(address(0x1));
    booth.vote(true);
    vm.prank(address(0x2));
    booth.vote(false);
    vm.prank(address(0x3));
    booth.vote(true);
    // Voting has ended, yet the contract still holds funds
    assert(!booth.isActive() && address(booth).balance != 0);
}

Impact

Funds are locked in the contract.

Tools Used

Manual review, forge.

Recommendations

Use "totalVotesFor" instead of "totalVotes" in line 192.

uint256 rewardPerVoter = totalRewards / totalVotesFor;
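
The 5 ether example above, reproduced as a self-contained Foundry test. This is an added example, not code from the audited repository: "PayoutModel", "recordVote", "distribute", "useFix" and the voter addresses are constructed for illustration and model only the payout step, with both the reported divisor and the recommended one.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Constructed model of the payout step only; NOT the audited VotingBooth contract.
contract PayoutModel {
    address[] private s_votersFor;
    uint256 private s_totalVotes;
    constructor() payable {}

    function recordVote(address voter, bool voteFor) external {
        s_totalVotes++;
        if (voteFor) s_votersFor.push(voter);
    }

    // useFix == false: divisor is every vote cast (the reported behaviour).
    // useFix == true:  divisor is the "for" votes only (the recommendation).
    function distribute(bool useFix) external {
        uint256 totalRewards = address(this).balance;
        uint256 totalVotesFor = s_votersFor.length;
        uint256 rewardPerVoter = totalRewards / (useFix ? totalVotesFor : s_totalVotes);
        for (uint256 i = 0; i < totalVotesFor; ++i) {
            (bool ok,) = s_votersFor[i].call{value: rewardPerVoter}("");
            require(ok, "transfer failed");
        }
    }
}

contract PayoutModelTest is Test {
    // The page's scenario: 5 ether funded, 4 votes for, 1 against (constructed addresses).
    function _settle(bool useFix) internal returns (uint256) {
        vm.deal(address(this), 5 ether);
        PayoutModel model = new PayoutModel{value: 5 ether}();
        for (uint256 i = 1; i <= 4; ++i) model.recordVote(address(uint160(0x1000 + i)), true);
        model.recordVote(address(0x2001), false);
        model.distribute(useFix);
        return address(model).balance; // whatever was not paid out stays here
    }

    function testReportedDivisorLocksOneEther() public {
        assertEq(_settle(false), 1 ether);
        assertEq(address(0x1001).balance, 1 ether);
    }

    function testRecommendedDivisorPaysEverythingOut() public {
        assertEq(_settle(true), 0);
        assertEq(address(0x1001).balance, 1.25 ether);
    }
}
```

Asserting that the contract balance is exactly zero after settlement, as the second test does, is the check that catches this class of bug; where the reward does not divide evenly, integer division can still leave a few wei behind even with the corrected divisor.
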
Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

VotingBooth._distributeRewards(): Incorrect computation of rewardPerVoter
