First Flight #13: Baba Marta
First Flight #13
Beginner FriendlyFoundryGameFi
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

The voting takes place only once

0x0noob

Summary

The docs clearly states that the The voting takes place only once. However, whenever Martenitsa::startVoting is called by the owner even after some users has voted, the timestamp for the vote period is resheduled also without allowing previous voters to be able to vote again.

POC

contract POC is Test {
MartenitsaMarketplace martenitsaMarketplace;
HealthToken health;
MartenitsaToken martenitsaToken;
MartenitsaVoting voting;
address voter1 = makeAddr("voter1");
address voter2 = makeAddr("voter2");
address[] public producers;
address chasy = makeAddr("chasy");
function setUp() public {
vm.startPrank(chasy);
producers.push(chasy);
martenitsaToken = new MartenitsaToken();
health = new HealthToken();
martenitsaMarketplace = new MartenitsaMarketplace(address(health), address(martenitsaToken));
voting = new MartenitsaVoting(address(martenitsaMarketplace), address(health));
health.setMarketAndVotingAddress(address(martenitsaMarketplace), address(voting));
martenitsaToken.setProducers(producers);
vm.deal(voter1, 2 ether);
vm.stopPrank();
}
function test__voteStartsAnyTime() public {
vm.startPrank(chasy);
martenitsaToken.createMartenitsa("bracelet");
martenitsaMarketplace.listMartenitsaForSale(0, 1 wei);
martenitsaToken.approve(address(martenitsaMarketplace), 0);
vm.stopPrank();
vm.startPrank(voter1);
voting.voteForMartenitsa(0);
vm.stopPrank();
vm.startPrank(chasy);
vm.warp(block.timestamp + 1 days + 1);
vm.recordLogs();
voting.announceWinner();
vm.stopPrank();
vm.startPrank(chasy);
voting.startVoting();
vm.stopPrank();
vm.startPrank(voter1);
vm.expectRevert();
voting.voteForMartenitsa(0);
vm.stopPrank();
vm.startPrank(voter2);
voting.voteForMartenitsa(0);
vm.stopPrank();
}
}

Impact

The possibility of the whole vote process been able to take place more than once is not in line with the protocols docs. Also, it is also possibe to restart the timestamp of a vote batch and when a voting process has ended it is possible to start a new vote. Lastly, any user who has partipated in a previous vote process will not be able tp participate in any vote again.

Tools Used

Manual Review

Recommendation

Add additional checks in Martenitsa::startVoting to track for when a voting is in progress and when a winner has been announced so the function can only be called once as stated in the docs.

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.