President Elector

First Flight #24

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

Missing important events which reduces transparency and voting results monitoring

aeff

Relevant GitHub Links

https://github.com/Cyfrin/2024-09-president-elector/blob/main/src/RankedChoice.sol#L60
https://github.com/Cyfrin/2024-09-president-elector/blob/main/src/RankedChoice.sol#L159

Summary

The "RankedChoice" contract lacks emitting important events for the implemented RCV voting system.

Vulnerability Details

The RankedChoice contract lacks event emissions for critical actions such as follows:

rankCandidates function is missing event when a voter votes for specific candidates
selectPresident function is missing event when eliminating candidates on the final selection phase
selectPresident function function is missing event the winner candidate is selected as the president

Events are crucial in Solidity contracts for logging important actions, as they provide an immutable record on the blockchain that can be indexed and queried by off-chain applications. Without these events, tracking the state and history of the contract becomes difficult, which can hinder monitoring, debugging, and auditing efforts.

Impact

Limited Visibility: Without events, external parties such as users or monitoring systems cannot easily track when contests are created, funded, or closed. This lack of visibility can lead to difficulties in verifying the correct operation of the contract.
Reduced Transparency and Audibility: Events provide an off-chain way to log important activities in a smart contract. Without events, it becomes difficult for users, developers, and auditors to track critical actions like token transfers, state changes, or voting results.
Hinders Debugging: Developers rely on emitted events to debug and test smart contracts. Without them, understanding what happens when a critical action is performed becomes more difficult, especially when analyzing complex state changes..

Tools Used

Manual Code Review

Recommendations

It is recommended to introduce events for all critical state-changing, or any other important actions within the contracts.. Add event declarations and emit statements in the contract to log significant actions.

+ event VoteCast(address indexed voter, uint256 voteNumber, address[] orderedCandidates);

+ event RoundCompleted( uint256 roundNumber, address[] remainingCandidates, address eliminatedCandidate );

+ event PresidentSelected(address indexed newPresident, uint256 voteNumber);

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Appeal created

aeff Submitter

12 months ago

inallhonesty Lead Judge

12 months ago

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

140

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.