President Elector

First Flight #24

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

No Limit On Candidate Choices Causes Denial Of Service On `selectPresident()`

evmninja

Summary

Having too many candidates causes denial of service on the call to selectPresident()

Vulnerability Details

While the voters and number of maximum candidates per vote is predetermined, there is no predefined candidates in one election. Therefore, there can be a case where too many candidates are logged into the system.
This could lead to out-of-gas or even block gas limit exceeded problem when calling selectPresident(). This is because each candidate is tallied on the same function call, and also there is a recursive call until one candidate remains. This logic may take too much gas and may never complete.

Impact

The function selectPresident() cannot be called and therefore no president is selected.

Tools Used

Testing

Recommendations

Consider predefining a limited number of candidates.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

A high number of candidates could cause an OOG

Rewards breakdown

nSLOC

140

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.