President Elector

First Flight #24
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: low
Invalid

`RankedChoice::selectPresident` Does Not Follow CEI (Check, Effect, Interaction) Best Practice

Summary

The `RankedChoice::selectPresident()` function does not fully adhere to the Check-Effects-Interactions (CEI) pattern, which is a best practice for preventing reentrancy attacks and ensuring state consistency in smart contracts. In this case, the function performs complex internal logic to select a new president before updating the contract’s state, introducing potential risks to the contract’s safety and future extensibility.

Impact

Tools Used

Manual review

Recommendations

  • Check First: Verify all conditions and validate inputs before making any state changes or interacting with external contracts.

  • Effect Next: Perform all state changes after the checks. This ensures that any updates to the contract's state are only made if the conditions are met.

  • Interaction Last: Interact with external contracts or perform any calls that could be vulnerable to reentrancy attacks only after the state has been updated.

Implementing CEI improves the security and robustness of your smart contracts by mitigating potential vulnerabilities related to reentrancy and ensuring predictable behavior.

+ s_candidateList = new address[](0);
+ s_previousVoteEndTimeStamp = block.timestamp;
+ s_voteNumber += 1;
address[] memory winnerList = _selectPresidentRecursive(s_candidateList,0);
if (winnerList.length != 1) {
revert RankedChoice__SomethingWentWrong();
}
s_currentPresident = winnerList[0];
- s_candidateList = new address[](0);
- s_previousVoteEndTimeStamp = block.timestamp;
- s_voteNumber += 1;
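
Review bot: the added `s_candidateList = new address[](0);` at the top of the hunk runs before the unchanged line that passes `s_candidateList` into `_selectPresidentRecursive`, so the selection receives an empty array instead of the candidates gathered for this vote. Unless that function returns exactly one address for empty input, the `winnerList.length != 1` check reverts on every call. If the reordering is kept, copy the list to memory before the reset and pass the copy, for example `address[] memory candidates = s_candidateList;`. The added `s_voteNumber += 1;` also now precedes the selection; whether `_selectPresidentRecursive` reads `s_voteNumber` is not visible in these lines, so confirm it still looks up the round that just ended. None of the visible lines is an external call, so the hunk shows no interaction that the effects would need to precede.
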
Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
