Voters can call the `rankCandidates` external function, or the `rankCandidatesBySig` function, which calls an internal function (`_rankCandidates`) to rank the candidates. The voter passes in an ordered candidate list representing their ranking.
However, there is no check for `address(0)` in `rankCandidates` or `_rankCandidates`. In the case of `rankCandidatesBySig`, `ECDSA.recover` calls an internal function in the `ECDSA` contract that does check for `address(0)`, so this does not apply there.
LOW. The likelihood of voters actually voting for `address(0)` is very low. However, it could mean that an empty address wins the election, and therefore no one is the actual president!
In this small test I prove that a voter can pass `address(0)` through to the `s_rankings` mapping (I also added the attacker address to `setUp` so it is included in `VOTERS`).
Add a for loop in `_rankCandidates` that checks for `address(0)` in the submitted list and reverts if one is found:
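The following is an added example, not the audited project's code or the finding's own test: a minimal stand-in contract that places the recommended `address(0)` loop inside `_rankCandidates`, plus Foundry tests that exercise both entry points. Only `rankCandidates`, `rankCandidatesBySig`, `_rankCandidates` and `s_rankings` come from the finding; the error names, the `s_isVoter` mapping, `getRanking`, the plain `keccak256` digest used for the signed path (the real project's signing scheme is not reproduced) and the Foundry/OpenZeppelin import paths are assumptions. Because both entry points funnel into `_rankCandidates`, a single check there covers the direct call and the signature-based call alike.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

// Hypothetical stand-in for the audited contract: only the two ranking entry points
// and the s_rankings mapping named in the finding are modelled; everything else is assumed.
contract RankedChoice {
    error RankedChoice__NotVoter(address voter);
    error RankedChoice__ZeroAddressCandidate(uint256 index);

    mapping(address => bool) private s_isVoter;          // assumed: filled from the VOTERS list
    mapping(address => address[]) private s_rankings;    // the mapping named in the finding

    constructor(address[] memory voters) {
        for (uint256 i = 0; i < voters.length; i++) {
            s_isVoter[voters[i]] = true;
        }
    }

    function rankCandidates(address[] memory orderedCandidates) external {
        _rankCandidates(orderedCandidates, msg.sender);
    }

    // Simplified signed path (plain keccak256 digest, not the project's real scheme). The point
    // is that it reaches the same internal function and therefore the same address(0) check.
    function rankCandidatesBySig(address[] memory orderedCandidates, bytes memory signature) external {
        bytes32 digest = keccak256(abi.encode(orderedCandidates));
        address voter = ECDSA.recover(digest, signature); // OZ reverts if the recovered signer is address(0)
        _rankCandidates(orderedCandidates, voter);
    }

    function _rankCandidates(address[] memory orderedCandidates, address voter) internal {
        if (!s_isVoter[voter]) revert RankedChoice__NotVoter(voter);
        // Recommended mitigation: reject address(0) anywhere in the list before it is stored.
        for (uint256 i = 0; i < orderedCandidates.length; i++) {
            if (orderedCandidates[i] == address(0)) {
                revert RankedChoice__ZeroAddressCandidate(i);
            }
        }
        s_rankings[voter] = orderedCandidates;
    }

    function getRanking(address voter) external view returns (address[] memory) {
        return s_rankings[voter];
    }
}

contract RankedChoiceTest is Test {
    RankedChoice internal rankedChoice;
    address internal voter;
    uint256 internal voterKey;
    address internal candidateA;

    function setUp() public {
        (voter, voterKey) = makeAddrAndKey("voter");
        candidateA = makeAddr("candidateA");
        address[] memory voters = new address[](1);
        voters[0] = voter;
        rankedChoice = new RankedChoice(voters);
    }

    // Constructed ranking with address(0) in position 1, the input the finding describes.
    function _rankingWithZero() internal view returns (address[] memory ranking) {
        ranking = new address[](2);
        ranking[0] = candidateA;
        ranking[1] = address(0);
    }

    function test_RankCandidatesRejectsZeroAddress() public {
        address[] memory ranking = _rankingWithZero();
        vm.prank(voter);
        vm.expectRevert(abi.encodeWithSelector(RankedChoice.RankedChoice__ZeroAddressCandidate.selector, 1));
        rankedChoice.rankCandidates(ranking);
    }

    function test_RankCandidatesBySigRejectsZeroAddress() public {
        address[] memory ranking = _rankingWithZero();
        (uint8 v, bytes32 r, bytes32 s) = vm.sign(voterKey, keccak256(abi.encode(ranking)));
        bytes memory signature = abi.encodePacked(r, s, v);
        vm.expectRevert(abi.encodeWithSelector(RankedChoice.RankedChoice__ZeroAddressCandidate.selector, 1));
        rankedChoice.rankCandidatesBySig(ranking, signature);
    }

    function test_ValidRankingIsStored() public {
        address[] memory ranking = new address[](1);
        ranking[0] = candidateA;
        vm.prank(voter);
        rankedChoice.rankCandidates(ranking);
        assertEq(rankedChoice.getRanking(voter)[0], candidateA);
    }
}
```

Run with `forge test --match-contract RankedChoiceTest`. Reverting with the offending index (rather than silently skipping the entry) keeps the stored ranking exactly what the voter submitted and makes the rejection visible to the front end and to anyone replaying the transaction.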