First Flight #6: Voting Booth

First Flight #6

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Tie voting is possible when quorum is reached

rybvic

Summary

Tie voting is possible when quorum is reached.

Vulnerability Details

According to business logic, we check the oddness of voters, most likely this is used to exclude a tie.

But checking the quorum if (totalCurrentVotes * 100 / s_totalAllowedVoters >= MIN_QUORUM) allows you to create a situation with the same number of votes for and against.

For example, with 3 voters, the first votes for, the second against, we get 66 >= 51 and a draw (1 vs 1)

Impact

Business logic violation

Tools Used

Manual checking

Recommendations

We can extend the condition to check the length of the upvotes and downvotes and if they are not equal, end the vote
if (totalCurrentVotes * 100 / s_totalAllowedVoters >= MIN_QUORUM && s_votersFor.length != s_votersAgainst.length)

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

VotingBooth.vote: In certain scenarios, proposal can pass when for and against votes are equal

0xnevi Lead Judge

over 1 year ago

0xnevi Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Design choice

Rewards breakdown

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.