President Elector

First Flight #24
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: high
Invalid

Lack of Time Tracking in Constructor Enables Potential Overstaying of Presidency

Summary

The contract lacks time tracking when the initial president is selected in the constructor, allowing a malicious president to overstay their tenure.

Vulnerability Details

Without tracking the start time of a president's term, the contract cannot enforce term limits, enabling a president to remain in power indefinitely.

Impact

Without proper time tracking and validation, a president could potentially remain in office beyond their term by manipulating or bypassing the time checks. Governance decisions will be stalled or influenced by an overstaying president.

Tools Used

Manual code review

Recommendations

Add a timestamp in the constructor to track when the president's term starts.
Enforce term limits by comparing timestamps.
Emit events for better transparency.

constructor(address[] memory voters, uint256 _previousVoteEndTimeStamp) EIP712("RankedChoice", "1") {
@> + s_previousVoteEndTimeStamp = _previousVoteEndTimeStamp;
+ require(block.timestamp < s_previousVoteEndTimeStamp + 1460 days, "Voting period has ended");
}
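
Review bot: the added `require` runs only once, at deployment, so it cannot enforce a term limit afterwards; the comparison against `s_previousVoteEndTimeStamp + 1460 days` belongs in whichever function changes the president, not in the constructor. `_previousVoteEndTimeStamp` is also accepted from the deployer without validation, so any value in the future satisfies the check trivially; recording `block.timestamp` in the constructor would remove that input. The revert string "Voting period has ended" does not describe a term-limit check, `1460 days` would read better as a named constant, and the recommended event emission has no corresponding line in the patch.
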
Updates

Lead Judging Commences

inallhonesty Lead Judge
12 months ago
Submission Judgement Published
Invalidated
Reason: Too generic
