Submission Details
Severity:
No possible draw in `MartenitsaVoting::announceWinner`, first token with the max votes will win
Description
During the selection of the winner, every time a token has more vote than the previously stored one, it will be stored in winnerTokenId. Any token with the same amount of votes will be skipped.
function announceWinner() external onlyOwner {
require(
block.timestamp >= startVoteTime + duration,
"The voting is active"
);
uint256 winnerTokenId;
uint256 maxVotes = 0;
for (uint256 i = 0; i < _tokenIds.length; i++) {
@> if (voteCounts[_tokenIds[i]] > maxVotes) {
maxVotes = voteCounts[_tokenIds[i]];
winnerTokenId = _tokenIds[i];
}
}
list = _martenitsaMarketplace.getListing(winnerTokenId);
_healthToken.distributeHealthToken(list.seller, 1);
emit WinnerAnnounced(winnerTokenId, list.seller);
}
Risk
Likelyhood: Low
When several tokens have the maximum amount of votes
Impact: Low
Producer entering the voting array first will have more chances to win.
Recommended Mitigation
Keep all winners in an array and implement a random selection between them to be fairer.
Updates
Lead Judging Commences
bube over 1 year ago
Submission Judgement Published Assigned finding tags:
Tie in voting is not considered
Rewards breakdown
nSLOC
239This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.