Immutable voters Array
RankedChoice::constructor
which will make the contract unable to add new voters.IMPACT: HIGH
LIKELIHOOD: MEDIUM
Description: The voters
array in this contract is initilised in the constructor, without any function to update and modify it. which means it cannot be updated after deployment.
Impact: Because the voters
is only set in the constructor, Only the deployer has full control over the voters list. ths could centralise so much control in one entity leading to governance issue.
If the private key of a voter is compromised they'll be no way to revoke thier voting rights.
This will probably lead to unauthorised voting or manipulation of election process.
The contract will not be able to add or remove voters.
The voting pool is permanetly fixed at contract deployment.
Proof of Concept:
Recomended Mitigation: create functions that will add and also remove voters, and will also restrict s_currentPresident
and multi-sig
make contract upgradable, allowing future improvement for voters management.
selectPresident()
Vulnerability Review.IMPACT: HIGH
LIKELIHOOD: HIGH
Description: The selectPresident()
has no restrictions, leaving it vulnerable to be called by any address at any given time.
Impact: An attacker could call the function selectPresident()
as soon as the voting period ends and even before all voters will have the chance to submit thier rankings.
Without giving a fixed time or a specific caller the voters will never know or predict when the president will be elected.
Proof Of concept:
Recomended Mitigation: Note the function has a time check
but this only prevents the function from been called too early and not controlling it from beign called at the wrong time.
Implement a system where only an address or msg.sender as the case maybe will be able to call the function.
Make the selection of the president a formal governance proposal that must be voted on before execution.
Modify a function to be callable only at a specific time after the voting period ends.
SelectPresident()
and _selectPresidentRecursive
doing too many loops in same function(looping through voters, looping through candidates and selecting a president)leaves a function vulnerable to Denial Of Service Attack(DOS).Description: The current Implementation of selectPresident()
gave rise to a potential denial of service(DOS)attack. An attacker could manipulate the voting process to prevent the selection of a president effectively freezing the contracts core functionality.
Impact: There's no limit on the number of unique candidates that can be added to s_candidateList
.
An attacker could vote for a large number of addresses as candidates.
This can cause the function to run out of gas when trying to process all candidates making it unable to select a president.
Recomended Mitigation: Use mapping to track candidates instead of array.
Seperate the candidate selection phase from the president selection phase.
reject votes that could exceed the limits of the function.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.