President Elector

First Flight #24

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Potential for Voter Manipulation by voters in `_rankCandidate()`

whizz1

Summary

A voter can rank the same candidate multiple times, thus manipulating the voting process.

Vulnerability Details

There is no validation to prevent a voter from ranking the same candidate in multiple positions in their ordered list, giving a single candidate an unfair advantage.

Impact

Malicious voters can skew election results by ranking the same candidate multiple times, which undermines the fairness of the ranked-choice voting process.

Tools Used

Foundry

Recommendations

To ensure that each candidate is ranked only once per voter in the _rankCandidates function, we can add a check to see if any candidate is duplicated within the orderedCandidates array. This can be done by using a temporary mapping(address => bool) inside the function to track if a candidate has already been ranked by the voter.

function _rankCandidates(

address[] memory orderedCandidates,

address voter

) internal {

// Checks

if (orderedCandidates.length > MAX_CANDIDATES) {

revert RankedChoice__InvalidInput();

}

if (!_isInArray(VOTERS, voter)) {

revert RankedChoice__InvalidVoter();

}

@>++ // Temporary mapping to track if a candidate has already been ranked

+ mapping(address => bool) memory rankedAlready;

+ // Ensure all ranked candidates are valid and not duplicated

+ for (uint256 i = 0; i < orderedCandidates.length; i++) {

+ address candidate = orderedCandidates[i];

+ // Check if this candidate has already been ranked by the voter

+ if (rankedAlready[candidate]) {

+ revert RankedChoice__DuplicateRanking(); // Revert if duplicate ranking

+ }

+ // Mark candidate as ranked

+ rankedAlready[candidate] = true;

+ }

// Internal Effects

s_rankings[voter][s_voteNumber] = orderedCandidates;

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Validated

Assigned finding tags:

rankCandidates() allows duplicate votes inside the `orderedCandidates` array

Appeal created

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Assigned finding tags:

rankCandidates() allows duplicate votes inside the `orderedCandidates` array

Rewards breakdown

nSLOC

140

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.