President Elector

First Flight #24
Beginner FriendlyFoundry
100 EXP
View results
Submission Details
Severity: medium
Invalid

⁷Missing Input Validation in rankCandidatesBySig()

Summary

The rankCandidatesBySig() function lacks a check to ensure that the orderedCandidates array does not exceed the maximum allowed number of candidates (MAX_CANDIDATES). A voter could bypass the limit of candidates by submitting a signed message, allowing them to rank more candidates than allowed.

Vulnerability Details

Impact

Bypassing the MAX_CANDIDATES limit can give a voter disproportionate influence in the election by allowing them to rank more candidates than permitted. This undermines the fairness of the voting process.

Proof of Concept:

The rankCandidates() function has a check for the maximum number of candidates, but the rankCandidatesBySig() function does not. A voter can submit a signed message ranking more than MAX_CANDIDATES candidates.

Tools Used

Manual Review

Recommendations

Add the same length check from rankCandidates() to rankCandidatesBySig() to ensure that voters cannot rank more candidates than allowed:

'''

if (orderedCandidates.length > MAX_CANDIDATES) {
revert RankedChoice__InvalidInput();
}

'''

Updates

Lead Judging Commences

inallhonesty Lead Judge
9 months ago
inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.