Incorrect `TYPEHASH` constant variable declaration in `RankedChoice.sol`.
Description
The contract contains a constant storage variable bytes32 public constant TYPEHASH = keccak256("rankCandidates(uint256[])").
It defines a hash for a specific function signature rankCandidates(uint256[]). However, this does not match the actual input type used in the rankCandidates function, where the parameter is an array of addresses: address[] memory orderedCandidates:
The TYPEHASH is used in the rankCandidatesBySig function to create a structured data hash for EIP-712 typed data signatures. Since the TYPEHASH does not match the parameter type of the rankCandidates function, the hash used for signature verification will differ from the hash that the voter signed off-chain. Consequently, when the rankCandidatesBySig function attempts to recover the signer's address from the provided signature, it is likely to yield an address that does not correspond to the actual voter's address.
Impact
The incorrect TYPEHASH causes the signature verification process to fail, as the recovered address (signer) from the signature will likely not be correct and do not correspond to the actual voter address, effectively breaking the whole functionality of the rankCandidatesBySig function. As a result legitimate voters will not be able to submit their votes using the rankCandidatesBySig function which invokes the _rankCandidates function.
Tools Used
Manual review, vscode
Recommended Mitigation
Consider making the following changes to the TYPEHASH constant:
Lead Judging Commences
Typehash hashes the wrong function input.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.