The RankedChoice contract is susceptible to Denial of Service (DoS) attacks when handling a large voter list. The extensive data processing required can lead to excessive gas consumption, transaction failures, and operational bottlenecks, effectively disrupting the contract's functionality.
The contract's functions, such as selectPresident and _selectPresidentRecursive, require iterating over the entire VOTERS list. Each iteration consumes gas, and the cost scales linearly with the number of voters.
Each voter submits a ranked list of candidates, and the contract processes these rankings to determine election outcomes. This complexity adds to the gas consumption, especially when calculating votes across multiple rounds.
As the voter list grows, the risk of transactions exceeding the block gas limit increases, potentially causing them to fail. This is particularly concerning during the recursive selection of the president, where multiple rounds of calculations are performed.
Users may incur significant gas fees when interacting with the contract, particularly during the vote tallying and president selection phases. This can discourage participation and limit the contract's usability.
Scalability Limitations: The contract's ability to handle large-scale elections is constrained by its gas consumption. This limits its applicability in scenarios with a large number of voters, such as national or organizational elections.
The high gas usage leads to slower transaction processing and can result in delays in finalizing election results. This inefficiency can undermine the contract's effectiveness in time-sensitive voting scenarios.
Manual Review
Consider using more efficient data structures, such as mappings or indexed arrays, to reduce the complexity of operations involving the voter list.
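One way to bound the per-transaction work described above, shown as an added Solidity example that is not the RankedChoice contract's own code. It uses a mapping for voter membership and a cursor so that one round is tallied in fixed-size batches; the cursor pattern goes beyond the data-structure change recommended here. The contract name, `voters`, `isVoter`, `rankings`, `eliminated`, `tallyBatch` and `MAX_RANKS` are all hypothetical, and eliminating the lowest candidate and advancing the round are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the audited RankedChoice code. All names are hypothetical.
contract BatchedTally {
    uint256 public constant MAX_RANKS = 10; // assumed cap on ballot length

    address[] private voters;                       // stand-in for the VOTERS list
    mapping(address => bool) public isVoter;        // O(1) membership check
    mapping(address => address[]) private rankings; // voter => ranked candidates
    mapping(address => bool) public eliminated;     // set by round logic (not shown)
    mapping(uint256 => mapping(address => uint256)) public votes; // round => candidate => count
    uint256 public round;  // current round
    uint256 public cursor; // index of the next voter to count

    constructor(address[] memory _voters) {
        voters = _voters;
        for (uint256 i = 0; i < _voters.length; ++i) isVoter[_voters[i]] = true;
    }

    function rankCandidates(address[] calldata ordered) external {
        require(isVoter[msg.sender], "not a voter");
        require(cursor == 0, "tally started");
        require(ordered.length <= MAX_RANKS, "ballot too long"); // bounds the inner loop
        rankings[msg.sender] = ordered;
    }

    // Counts at most `batchSize` voters per call, so gas per transaction is
    // bounded by batchSize * MAX_RANKS instead of by the size of the voter list.
    // Returns true once every voter has been counted for the current round.
    function tallyBatch(uint256 batchSize) external returns (bool done) {
        uint256 remaining = voters.length - cursor;
        uint256 n = batchSize < remaining ? batchSize : remaining;
        uint256 end = cursor + n;
        for (uint256 i = cursor; i < end; ++i) {
            address[] storage ballot = rankings[voters[i]];
            for (uint256 j = 0; j < ballot.length; ++j) {
                if (!eliminated[ballot[j]]) {
                    votes[round][ballot[j]] += 1; // highest-ranked surviving choice
                    break;
                }
            }
        }
        cursor = end;
        return cursor == voters.length;
    }
}
```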