President Elector
First Flight #24
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

's_previousVoteEndTimeStamp' is not set initially leading to the initial president's term is less than 1460 days

al88nsk

Summary

As per the protocol documentation:

The initial president is set as the msg.sender, and each president should have a term of roughly 4 years (1460 days)

However, for the initial president this is not true.

Vulnerability Details

Function RankedChoice::selectPresident checks if the current president's term has passed as below:

if (
block.timestamp - s_previousVoteEndTimeStamp <=
i_presidentalDuration
) {
revert RankedChoice__NotTimeToVote();
}

The issue is that the variable s_previousVoteEndTimeStamp is not set initially, and the statement block.timestamp - s_previousVoteEndTimeStamp <= i_presidentalDuration is always true foe the initial president.

Impact

The initial president's term can be less than 1460 days if anyone calls selectPresident before the term has passed.

Tools Used

Manual review

Recommendations

Initialize the variable s_previousVoteEndTimeStamp in the constructor:

constructor(address[] memory voters) EIP712("RankedChoice", "1") {
VOTERS = voters;
i_presidentalDuration = 1460 days;
s_currentPresident = msg.sender;
s_voteNumber = 0;
+ s_previousVoteEndTimeStamp = block.timestamp;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`s_previousVoteEndTimeStamp` variable not being initialized correctly

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.