President Elector

Summary

The rankCandidates and rankCandidatesBySig functions do not validate whether the candidates being ranked include the zero address (0x0000000000000000000000000000000000000000). The zero address is not a valid candidate and should not be allowed in the voting process. If a voter includes the zero address in their ranking, it could corrupt the election results by counting an invalid candidate.

Vulnerability Details

Both the rankCandidates and rankCandidatesBySig functions allow voters to submit a list of candidates without verifying if any of the addresses in the orderedCandidates array are the zero address. In Ethereum, the zero address is often used as a default or placeholder and is not a valid candidate address. Including the zero address in the voting process could corrupt the tally and lead to invalid election results.

Currently, the contract lacks the necessary checks to prevent the zero address from being ranked, which could allow voters to inadvertently or maliciously cast votes for an invalid candidate. Since the zero address has no associated entity, its inclusion could disrupt the accuracy and fairness of the election process.

Impact

Allowing the zero address to be ranked as a candidate could lead to incorrect vote tallies and potentially corrupt election results. This vulnerability poses a risk to the integrity of the ranked-choice voting process, as the zero address could be counted as a legitimate candidate.

Tools Used

Manual code review.

Recommendations

Add Zero Address Validation with Custom Error: Implement a check in both the rankCandidates and rankCandidatesBySig functions to ensure that no addresses in the orderedCandidates array are the zero address (0x0000000000000000000000000000000000000000). If any zero addresses are detected, the transaction should revert with a custom error.

Example for rankCandidates:

Example for rankCandidatesBySig: