Wrong Handling of Candidates with Equal Votes in _selectPresidentRecursive
Summary
The _selectPresidentRecursive function in the RankedChoiceVoting contract is responsible for recursively selecting the president based on ranked choices from voters. However, the current implementation does not handle cases where multiple candidates have the same number of votes. In such scenarios, the function removes the first candidate in the array with the fewest votes, potentially leading to unfair outcomes if there are ties.
Vulnerability Details
Issue: The _selectPresidentRecursive function does not include any logic for handling ties when multiple candidates have the same number of votes. When candidates have an equal number of votes, the function removes the first candidate found with the fewest votes, which could be arbitrary and unfair if there is no further tie-breaking logic.
Impact
Unfair Outcomes: Candidates with equal votes are not given a fair chance, as the function does not determine how to break ties beyond removing the first candidate found. This can lead to suboptimal or undesired outcomes in the election.
Potential for Bias: The arbitrary removal of the first candidate with the fewest votes could introduce bias, as it does not consider any additional criteria for tie-breaking.
Tools Used
Manual Review
Recommendations
Introduce a tie-breaking mechanism to handle cases where multiple candidates have the same number of votes. This could involve additional criteria or a secondary method for selecting the candidate to remove.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.