Vote Counts Not Reset After Election Conclusion
Summary
In the RankedChoice smart contract, the vote counts for each candidate are not reset after an election is concluded. This introduces a vulnerability where old vote data can persist and influence the results of future elections, leading to inaccurate or manipulated outcomes.
Vulnerability Details
The contract maintains vote counts for each candidate in the s_candidateVotesByRound mapping. However, after an election is finalized and the president is selected, the contract does not reset or clear these vote counts. This means that in subsequent elections, the vote tallies from previous rounds may still be present in the system they could be reused or mistakenly factored into the next election. This could cause the results of the next election to be skewed, as the vote counts would no longer reflect the current election but a combination of votes from multiple rounds of past elections.
Impact
Old vote data could be mistakenly included in future elections, leading to incorrect final tallies. An actor with knowledge of this flaw could exploit it by inflating the vote count of certain candidates over multiple election cycles.
Tools Used
Manual Review
Recommendations
To prevent this issue, the following changes are recommended:
After the president is selected and the election concludes, clear the s_candidateVotesByRound mapping for all candidates involved. This ensures that the vote counts start fresh for each new election cycle.
In the selectPresident function, implement a process that automatically resets the vote counts once the election has ended and a winner is declared.
Lead Judging Commences
[Invalid] Vote Cycles not properly tracked
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.