In the protocol's docs, it states that a big part of the protocol's functionality is that voters can let others spend gas for they're votes by using signatures. The following function is in charge of doing so:
The function uses a variable called `TYPEHASH` that contains the function's signature and is encoded to create the hash eventually. However, in the `TYPEHASH` declaration the function's signature is wrong:
The function takes an array of addresses not uint256!
In the `rankCandidatesBySig` function the `hash` will be encoded with the wrong input parameters for the function, which will revert every transaction made with the signatures. Which means that an important capability in the protocol will not work!
Here is a step by step of a situation of a voter trying to vote with some other user to pay the gas for them:
1. A voter will make an order list of they're candidates.
2. That voter will make a signature constructed with the function signature and the actual list they made.
3. The gas payer will now pass on the actual list and the signature.
4. The `rankCandidatesBySig` will create the hash using the wrong TYPEHASH.
5. The ECDSA contract will revert
Fix the TYPEHASH to the correct input parameters:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.