President Elector

First Flight #24

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Block Gas Limit Vulnerability in President-Elector

iamthesvn

Summary

The President-Elector smart contract is vulnerable to hitting the block gas limit, which could prevent the selection of a new president. This vulnerability is primarily due to unbounded loops in the selectPresident and _selectPresidentRecursive functions, which iterate over all voters and candidates, despite the number of candidates being capped at 10.

Relevant Links

https://github.com/Cyfrin/2024-09-president-elector/blob/fccb8e2b6a32404b4664fa001faa334f258b4947/src/RankedChoice.sol#L60-L93

https://github.com/Cyfrin/2024-09-president-elector/blob/fccb8e2b6a32404b4664fa001faa334f258b4947/src/RankedChoice.sol#L98-L157

Vulnerability Details

The vulnerability stems from two main issues:

The selectPresident function iterates over all voters and their ranked candidates (up to 10).
The _selectPresidentRecursive function performs multiple nested loops over all voters and candidates (up to 10) in each round of the selection process.

As the number of voters increases, the gas consumption of these functions grows linearly, potentially exceeding the block gas limit.

Proof Of Concept

Consider a scenario with a large number of voters (e.g., 10,000) and the maximum number of candidates (10). The selectPresident function would need to iterate 10,000 * 10 = 100,000 times in the worst case. Subsequently, _selectPresidentRecursive would need to perform this operation multiple times, once for each round of elimination (up to 9 times with 10 candidates).

With a large number of voters, even though candidates are capped at 10, these nested loops could still exceed the block gas limit, making it impossible to select a new president.

Impact

The impact of this vulnerability is significant:

It could prevent the selection of a new president, effectively freezing the governance process.
It makes the contract unusable as the number of voters increases, even with the candidate limit of 10.
It could lead to centralization risks if only entities with high gas limits (like certain MEV bots) can execute the function.

Tools Used

Manual review

Recommendations

Implement a phased voting system where vote counting is done in batches.

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago

Submission Judgement Published

Validated

Assigned finding tags:

A high number of candidates could cause an OOG

Rewards breakdown

nSLOC

140

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.