The contract contains a constant storage variable bytes32 public constant TYPEHASH = keccak256("rankCandidates(uint256[])"). It defines a hash for a specific function signature, rankCandidates(uint256[]). However, this does not match the actual input type used in the rankCandidates function, where the parameter is an array of addresses: address[] memory orderedCandidates:
The TYPEHASH is used in the rankCandidatesBySig function to create a structured data hash for EIP-712 typed data signatures. Since the TYPEHASH does not match the parameter type of the rankCandidates function, the hash used for signature verification will differ from the hash that the voter signed off-chain. Consequently, when the rankCandidatesBySig function attempts to recover the signer's address from the provided signature, it is likely to yield an address that does not correspond to the actual voter's address.
The incorrect TYPEHASH causes the signature verification process to fail: the address recovered from the signature (the signer) will likely not correspond to the actual voter's address, effectively breaking the whole functionality of the rankCandidatesBySig function. As a result, legitimate voters will not be able to submit their votes using the rankCandidatesBySig function, which invokes the _rankCandidates function.
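The mismatch described above, as an added Foundry test (not code from the audited contract). It assumes forge-std is available, that the off-chain signer uses the type string rankCandidates(address[]), and a constructed domain separator and test key; every name other than TYPEHASH is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

import {Test} from "forge-std/Test.sol";

// Added illustration: only TYPEHASH and its type string come from the finding.
contract TypehashMismatchTest is Test {
    // Type string as declared in the contract under review.
    bytes32 constant TYPEHASH = keccak256("rankCandidates(uint256[])");
    // Assumption: the voter's wallet signs over the real parameter type.
    bytes32 constant SIGNER_TYPEHASH = keccak256("rankCandidates(address[])");
    // Constructed placeholder; a real separator is derived from the EIP-712 domain fields.
    bytes32 constant DOMAIN_SEPARATOR = keccak256("constructed-domain");

    function digest(bytes32 typehash, address[] memory candidates)
        internal
        pure
        returns (bytes32)
    {
        // EIP-712 encodes an array as the keccak256 of its 32-byte-padded members.
        bytes32 structHash =
            keccak256(abi.encode(typehash, keccak256(abi.encodePacked(candidates))));
        return keccak256(abi.encodePacked("\x19\x01", DOMAIN_SEPARATOR, structHash));
    }

    function test_signatureDoesNotRecoverVoter() public {
        uint256 voterKey = 0xA11CE; // constructed test key
        address voter = vm.addr(voterKey);

        address[] memory ranked = new address[](2);
        ranked[0] = address(0x1); // constructed candidate addresses
        ranked[1] = address(0x2);

        // Off-chain: the voter signs the digest built from the address[] type string.
        (uint8 v, bytes32 r, bytes32 s) = vm.sign(voterKey, digest(SIGNER_TYPEHASH, ranked));

        // On-chain: the digest is rebuilt with the uint256[] TYPEHASH, so the
        // recovered address is unrelated to the voter and the vote is rejected.
        assertTrue(ecrecover(digest(TYPEHASH, ranked), v, r, s) != voter);

        // With the same type string on both sides, recovery yields the voter.
        assertEq(ecrecover(digest(SIGNER_TYPEHASH, ranked), v, r, s), voter);
    }
}
```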
Manual review, vscode
Consider making the following changes to the TYPEHASH constant: