President Elector

First Flight #24

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Signature Replay Attack

ivanonchain

Description
In the RankedChoice.sol::rankCandidatesBySig function, there is no nonce or deadline mechanism implemented. This makes the signature reusable across different voting rounds. A malicious actor could reuse a previously valid signature in a future presidential elections

Impact
A malicious actor could reuse the signature in future votes rounds to corrupt the integrity of the elections

Recommended mitigation
Implement a nonce system tied to the voting number or a deadline to ensure each signature is used only once per vote.

Updates

Lead Judging Commences

inallhonesty Lead Judge

12 months ago

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Replay Attack - The same signature can be used over and over

Appeal created

ivanonchain Submitter

12 months ago

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Replay Attack - The same signature can be used over and over

Rewards breakdown

nSLOC

140

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.