After initialization, the s_currentPresident
will be msg.sender
as the initial president. The s_previousVoteEndTimeStamp
is responsible for storing the start time when new president is selected. However, the initial value of s_previousVoteEndTimeStamp
is 0
after constructing contract. Because of it, malicious voters
can eliminate the initial president and manipulate first president who they want.
Proof of Concepts
Malicious voter calls rankCandidates
function to rank their candidates.
Immediately after, they call the selectPresident
function to change the president before others can do so.
Proof of Code
The following testing function:
Malicious voters are able to bypass the initial president selection process by leveraging the uninitialized s_previousVoteEndTimeStamp
, giving them control over the first presidential selection immediately after contract deployment.
Foundry
There are 2 practices to solve this problem.
Initialize the RankedChoice::s_previousVoteEndTimeStamp
with the constructive time, then must wait to select next president.
Allow to select president after initialization.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.