Submission Details
Severity:
The owner of MartenitsaVoting can extend the voting period indefinitly
Summary
In MartenitsaVoting the Owner of the contract can call startVoting when the Voting period is almost over extending the period.
Impact
If the Owner want a particular Martenitsa to win, the Owner can extend the period for the vote untill that Martenitsa is the winning one.
Proof of Concept:
Add this test to MartenitsaVoting.t.sol
Proof Of Code
function testOwnerCanExtendTheVotingPeriod() public listMartenitsa {
vm.warp(block.timestamp + 1 days - 1);
// The voting period of 1 day is almost finished
voting.startVoting();
// The owner restart the counter
vm.warp(block.timestamp + (1 days / 2));
// The voting period is exended and it's still possible to vote
vm.prank(bob);
voting.voteForMartenitsa(0);
assert(voting.getVoteCount(0) == 1);
}
Tools Used
Foundry
Recommendations
In MartenitsaVoting add a state variable bool voteStarted and check if the vote is started before changing startVoteTime
contract MartenitsaVoting is Ownable {
MartenitsaMarketplace private _martenitsaMarketplace;
MartenitsaMarketplace.Listing list;
HealthToken private _healthToken;
uint256 public startVoteTime;
uint256 public duration = 1 days;
uint256[] private _tokenIds;
+ bool voteStarted = false;
...
function startVoting() public onlyOwner {
+ require(!voteStarted, "Vote already started");
startVoteTime = block.timestamp;
emit Voting(startVoteTime, duration);
}
Rewards breakdown
nSLOC
239This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.