President Elector

First Flight #24

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Incorrect TYPEHASH declaration

jporter

Summary

The TYPEHASH variable declared on line 23 uses the incorrect function signature. This means that the structHash generated on line 54 as well as the resulting hash on line 55 will be incorrect. Accordingly, the signer address recovered by the call to ECDSA.recover() will return an incorrect or invalid address.

Vulnerability Details

Due to the issue mentioned above, any call to rankCandidateBySig() will result in the recovery of an incorrect or invalid signer address. This means that calls to verify the address of the signer within _rankCandidates() will fail making it impossible for anyone to submit a vote unbehalf of a valid voter.

Impact

The ability for voters to sign an un-sent transaction so others can spend the gas to cast their vote will be unusable.

Tools Used

Manual Review

Recommendations

Change the code on line 23 to:

bytes32 public constant TYPEHASH = keccak256("rankCandidates(address[])");

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Typehash hashes the wrong function input.

Rewards breakdown

nSLOC

140

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.