Improper time check allows premature president selection in `selectPresident`.
Description
The selectPresident() function is designed to select a new president after a specific duration (1460 days). However, the storage variable s_previousVoteEndTimeStamp, which is crucial for tracking when the last vote took place, is not explicitly initialized in the constructor. By default, it holds a value of 0. As a result, when block.timestamp - s_previousVoteEndTimeStamp is evaluated for the very first time, it will be significantly greater than i_presidentalDuration (1460 days), because block.timestamp represents the current Unix timestamp in seconds.
Consequently, the function can be called right after the contract deployment, allowing for an immediate president selection without adhering to the expected 4-year term.
Impact
The president can be selected immediately after the contract deployment, bypassing the intended 4-year waiting period. This compromises the integrity of the election process.
Tools Used
Manual review, vscode
Recommended Mitigation
In the contract's constructor, ensure that the s_previousVoteEndTimeStamp is initialized with the actual timestamp of the most recent past election or the current timestamp to mark the first election. Consider making the following changes:
Lead Judging Commences
`s_previousVoteEndTimeStamp` variable not being initialized correctly
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.