The rankCandidates() function in the RankedChoice contract does not include the validation needed to prevent duplicate candidates in a voter's ranked list or the submission of empty votes. These two vulnerabilities can result in inaccurate vote tallies and potential manipulation of the voting process, undermining the integrity of the election.
Duplicate Candidates: The rankCandidates() function allows voters to submit duplicate addresses in the list of ranked candidates. This can lead to vote inflation for certain candidates, as a voter could rank the same candidate multiple times, giving them an unfair advantage. The lack of a mechanism to detect and prevent duplicates compromises the fairness of the ranked-choice voting system.
Empty Vote: The protocol currently allows a voter to submit an empty list of candidates, meaning that a vote can be submitted with no candidates ranked. This does not contribute to the election process and can create discrepancies in the vote counting mechanism, potentially leading to an incorrect outcome or wasted gas.
Duplicate Candidates Scenario:
Initial Setup: A voter submits the following ranked list: [Candidate1, Candidate2, Candidate2].
Execution: The contract allows the vote to be cast without reverting or validating that each candidate in the list is unique.
Outcome: Candidate2 receives an unfair advantage by being ranked twice in the same vote, distorting the election results.
Empty Vote Scenario:
Initial Setup: A voter submits an empty list [].
Execution: The contract allows the empty vote to be submitted, which provides no valid input for the election process.
Outcome: The vote is recorded without contributing to the election, potentially wasting resources and gas fees.
Duplicate Candidates:
Allows voters to unfairly rank the same candidate multiple times, resulting in an inflated number of votes for that candidate.
Compromises the integrity of the ranked-choice voting system by allowing vote manipulation.
Empty Vote:
Allows submission of meaningless votes that do not contribute to the election process.
May cause unnecessary gas consumption and confusion in the vote tallying process, resulting in wasted resources.
Manual review
Testing with unit tests and stateful fuzzing.
Add Validation for Duplicate Candidates:
The contract should enforce uniqueness in the orderedCandidates array to ensure that no candidate is ranked more than once. Implement a validation check in _rankCandidates that reverts the transaction if duplicates are detected.
Add Validation for Empty Votes:
The contract should reject votes that contain an empty candidate list by reverting the transaction.
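A sketch of both checks placed in _rankCandidates, as recommended above. This is an added example, not the RankedChoice contract's own code; the custom error names, the MAX_CANDIDATES cap, the s_rankings mapping and the voter parameter are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Added illustration only. Names other than rankCandidates, _rankCandidates
// and orderedCandidates are assumptions, not taken from the audited contract.
contract RankedVoteValidationExample {
    error EmptyVote();
    error TooManyCandidates(uint256 length);
    error DuplicateCandidate(address candidate);

    // Assumed cap; it bounds the O(n^2) duplicate scan below.
    uint256 private constant MAX_CANDIDATES = 10;

    // Assumed storage layout: one ranked list per voter.
    mapping(address voter => address[] ranking) private s_rankings;

    function rankCandidates(address[] calldata orderedCandidates) external {
        _rankCandidates(orderedCandidates, msg.sender);
    }

    function getRanking(address voter) external view returns (address[] memory) {
        return s_rankings[voter];
    }

    function _rankCandidates(address[] calldata orderedCandidates, address voter) internal {
        uint256 length = orderedCandidates.length;

        // Reject the empty ballot [] before anything is written.
        if (length == 0) revert EmptyVote();
        if (length > MAX_CANDIDATES) revert TooManyCandidates(length);

        // Pairwise comparison: [Candidate1, Candidate2, Candidate2] reverts
        // here with DuplicateCandidate(Candidate2). No storage is touched,
        // so a rejected ballot costs only the calldata scan.
        for (uint256 i = 0; i < length; ++i) {
            address candidate = orderedCandidates[i];
            for (uint256 j = i + 1; j < length; ++j) {
                if (orderedCandidates[j] == candidate) revert DuplicateCandidate(candidate);
            }
        }

        // Only a validated ballot reaches storage.
        s_rankings[voter] = orderedCandidates;
    }
}
```

Performing both checks before the storage write means a reverted ballot leaves any previously stored ranking for that voter unchanged.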