Submission Details
Severity: high
Valid

Rewards calculation is wrong

Summary

Rewards are divided by the total number of votes, instead of the number of "for" votes.

Vulnerability Details

rewardPerVoter is set to totalRewards / totalVotes. When totalVotesFor is less than totalVotes, i.e. when voting is not unanimous, rewardPerVoter will be lower than expected, causing funds to be left in the contract.

Impact

  • Voters would be underpaid.

  • Funds would be lost, as they are left in the contract with no way to withdraw them.

Tools Used

  • forge test

Failing spec for confirmation:

function testIfVoteIsNotUnanimousAllMoneyIsSent() public {
    uint256 startingAmount = address(this).balance;
    // Non-unanimous vote: one "against" followed by two "for".
    vm.prank(address(0x1));
    booth.vote(false);
    vm.prank(address(0x2));
    booth.vote(true);
    vm.prank(address(0x3));
    booth.vote(true);
    // All rewards should have been paid out, leaving nothing in the contract.
    assert(address(booth).balance == 0);
}

Recommendations

Change totalVotes to totalVotesFor in both reward calculations, lines 192 and 207.
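
The effect of the wrong divisor, shown as an added example that is neither the audited contract nor the submitter's code: a Foundry test over a hypothetical RewardModel contract. Only rewardPerVoter, totalRewards, totalVotes and totalVotesFor come from the report; distribute, the fixedDivisor flag and the placeholder voter addresses are assumptions. It goes slightly beyond the report by fuzzing vote splits and by paying the integer-division remainder to the last "for" voter, so that the balance reaches exactly zero.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical minimal model of the payout step, NOT the audited VotingBooth code.
// Only rewardPerVoter, totalRewards, totalVotes and totalVotesFor come from the report.
contract RewardModel {
    function distribute(address[] memory forVoters, uint256 totalVotes, bool fixedDivisor) external payable {
        uint256 totalRewards = msg.value;
        uint256 totalVotesFor = forVoters.length;
        // Reported bug: dividing by totalVotes also counts the "against" votes.
        uint256 rewardPerVoter = totalRewards / (fixedDivisor ? totalVotesFor : totalVotes);
        for (uint256 i = 0; i < totalVotesFor; ++i) {
            uint256 amount = rewardPerVoter;
            // Assumption: the last "for" voter also receives the integer-division dust.
            if (fixedDivisor && i == totalVotesFor - 1) {
                amount = totalRewards - rewardPerVoter * i;
            }
            (bool ok,) = forVoters[i].call{value: amount}("");
            require(ok, "transfer failed");
        }
    }
}

contract RewardModelTest is Test {
    RewardModel model = new RewardModel();

    // Constructed placeholder addresses standing in for the "for" voters.
    function _forVoters(uint256 n) internal pure returns (address[] memory voters) {
        voters = new address[](n);
        for (uint256 i = 0; i < n; ++i) voters[i] = address(uint160(0x1000 + i));
    }

    // 2 for, 1 against, 1 ether: the share of the "against" vote is never paid out.
    function testBuggyDivisorStrandsFunds() public {
        model.distribute{value: 1 ether}(_forVoters(2), 3, false);
        assertEq(address(model).balance, 1 ether - 2 * (uint256(1 ether) / 3));
    }

    // Fuzzed splits: with the corrected divisor nothing may remain in the contract.
    function testFuzz_FixedDivisorLeavesNothing(uint96 rewards, uint8 votesFor, uint8 votesAgainst) public {
        uint256 nFor = bound(uint256(votesFor), 1, 9);
        vm.deal(address(this), rewards);
        model.distribute{value: rewards}(_forVoters(nFor), nFor + votesAgainst, true);
        assertEq(address(model).balance, 0);
    }
}
```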

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

VotingBooth._distributeRewards(): Incorrect computation of rewardPerVoter
