Summary

Because all votes are stored publicly on-chain without any hashing or obfuscation, an attacker can monitor the current voting state and adjust their vote accordingly to manipulate the election outcome. This undermines the privacy of voters and the integrity of the election. You may argue that votes are only trusted but person who pays gas fee may involve choose which transection need to send and which not to .

Vulnerability Details

• Affected Functions: rankCandidates, rankCandidatesBySig, and data storage in s_rankings

• Issue Explanation:

  • Public Vote Storage: Voters' ranked choices are stored in publicly accessible mappings without any encryption.

  • Real-Time Monitoring: Attackers can read the state of s_rankings to see all current votes.

  • Strategic Voting: By knowing how others have voted, an attacker can change their own vote up until the election is concluded to influence the outcome.

  • No Vote Finality: Voters can overwrite their votes by calling _rankCandidates multiple times, leading to potential manipulation.

Impact

Severity: Medium

• Privacy Violation: Voters' choices are exposed, violating their privacy.

• Election Manipulation: Attackers can adjust their strategies based on real-time data to influence results.

• Voter Coercion: Possibility of voters being coerced based on their voting patterns.

Tools Used

• Blockchain Explorers: To read contract storage and monitor votes.

• Smart Contract Interaction Scripts: For automating the reading and analysis of s_rankings.

Recommendations

• Implement Vote Privacy:

  • Hash Votes: Store only hashed versions of votes during the voting period.

    mapping(address => bytes32) private s_voteCommitments;

  • Commit-Reveal Scheme: As previously recommended, use a two-phase commit-reveal process to keep votes secret during the voting phase.

    • Commit Phase: Voters submit a hash of their vote along with a nonce.

    • Reveal Phase: Voters submit their actual vote and nonce for verification.

• Delayed Vote Publication:

  • Only reveal votes after the election concludes to prevent strategic manipulation.

• Encrypt Votes Off-Chain:

  • Utilize off-chain solutions where votes are stored and only the final tally is submitted on-chain.