Duplicate Candidates in rankCandidates()
Summary
The rankCandidates() and rankCandidatesBySig() functions allow a voter to submit an array of ordered candidates for ranking. However, the contract does not enforce that each candidate can only be ranked once by a voter. A voter can include the same candidate multiple times in their ranking list, giving an unfair advantage to that candidate.
Impact
If a voter ranks the same candidate multiple times, that candidate may receive an inflated number of votes, affecting the fairness of the election. This could lead to skewed results, where candidates are unfairly prioritized due to duplicate entries.
'''
address;
orderedCandidates[0] = address(0x123);
orderedCandidates[1] = address(0x123);
orderedCandidates[2] = address(0x456);
rankedChoice.rankCandidates(orderedCandidates);
'''
In this scenario, the same candidate (0x123) is ranked twice, giving it an unfair advantage.
Tools Used
Manual Review
Recommendations
Implement a check within _rankCandidates() and rankCandidatesBySig() to ensure that no candidate appears more than once in the orderedCandidates array. An easy way to do this is by iterating over the array and checking for duplicates before recording the ranking.
Lead Judging Commences
rankCandidates() allows duplicate votes inside the `orderedCandidates` array
Appeal created
rankCandidates() allows duplicate votes inside the `orderedCandidates` array
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.