President Elector

First Flight #24

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Voters can add their preferred candidate(s) in `_rankCandidates()`

whizz1

Summary

The _rankCandidates is dynamically modified based on voter input, allowing voters to add unauthorized candidates.

Vulnerability Details

The current implementation allows voters to add candidates dynamically to the candidate list during the election process at _rankCandidates(), which leads to unauthorized or unintended candidates being added to the election.

Impact

The voting process can be compromised by allowing voters to include candidates who should not be part of the election.

Tools Used

Foundry Tests

POC

Add this to your test suite, the test passes even if we add a random candidate:

function testVote() public {

address x = makeAddr("12");

orderedCandidates = [candidates[0], candidates[1], candidates[2], x];

vm.prank(voters[8000]);

rankedChoice.rankCandidates(orderedCandidates);

assertEq(

rankedChoice.getUserCurrentVote(voters[8000]),

orderedCandidates

);

}

Recommendations

Predefine a list of valid candidates during the election setup (constructor) to ensure only authorized candidates are part of the selection process.
Add specific candidate list at constructor with checks on zero addresses and duplicates

constructor(address[] memory voters, address[] memory candidates) EIP712("RankedChoice", "1") {

@> + uint256 length = candidates.length;

++ require(length > 0 && length <= MAX_CANDIDATES, "Invalid candidate list");

// Use a temporary mapping to track duplicates

+ mapping(address => bool) memory candidateExists;

// Validate and add candidates

+ for (uint256 i = 0; i < length; i++){

+ address candidate = candidates[i];

+ if (candidate == address(0)) {

+ revert RankedChoice__ZeroAddressNotAllowed();

+ }

+ if (candidateExists[candidate) {

+ revert RankedChoice__DuplicateCandidate();

+ }

+ candidateExists[candidate] = true

+ s_candidateList.push(candidate);

+ }

// Set voters

VOTERS = voters

i_presidentalDuration = 1460 days;

s_currentPresident = msg.sender;

s_voteNumber = 0;

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Rewards breakdown

nSLOC

140

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.