President Elector

First Flight #24
Submission Details
Severity: medium
Valid

Audit of RankedChoice Smart Contract

Incorrect TYPEHASH in rankCandidatesBySig

The TYPEHASH constant is incorrectly defined as:

bytes32 public constant TYPEHASH = keccak256("rankCandidates(uint256[])");

However, the orderedCandidates parameter is an array of addresses (address[]), not uint256[]. This mismatch leads to incorrect hash calculations, causing signature verifications to fail or allowing malicious actors to forge signatures.

Recommendation:

Update the TYPEHASH to match the correct data type:

bytes32 public constant TYPEHASH = keccak256("rankCandidates(address[])");

Ensure that all hashing and signature recovery processes use the correct data types to maintain the integrity of the signature verification.
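
The failure mode described above can be checked with a Foundry test. This is an added example, not code from the submission or from the audited contract: the contract name, the DOMAIN constant and the sample addresses are constructed, and the struct-hash layout follows EIP-712 array encoding as an assumption about how the verifier hashes orderedCandidates.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Added example (hypothetical names), not the audited RankedChoice contract.
contract TypehashMismatchTest is Test {
    // The two type strings quoted in the finding.
    bytes32 constant TYPEHASH_UINT = keccak256("rankCandidates(uint256[])");
    bytes32 constant TYPEHASH_ADDR = keccak256("rankCandidates(address[])");
    // Constructed stand-in for the EIP-712 domain separator (assumption).
    bytes32 constant DOMAIN = keccak256("constructed-domain-separator");

    // EIP-712 digest: keccak256(0x1901 || domainSeparator || structHash).
    function digest(bytes32 typehash, address[] memory ranked) internal pure returns (bytes32) {
        // An array member is hashed as keccak256 over its 32-byte-padded elements.
        bytes32 arrayHash = keccak256(abi.encodePacked(ranked));
        bytes32 structHash = keccak256(abi.encode(typehash, arrayHash));
        return keccak256(abi.encodePacked("\x19\x01", DOMAIN, structHash));
    }

    function test_mismatchedTypehashBreaksRecovery() public {
        (address voter, uint256 key) = makeAddrAndKey("voter");
        address[] memory ranked = new address[](2);
        ranked[0] = address(0xA11CE); // constructed sample candidates
        ranked[1] = address(0xB0B);

        // The signer derives the type from the real parameter type, address[].
        bytes32 signedDigest = digest(TYPEHASH_ADDR, ranked);
        (uint8 v, bytes32 r, bytes32 s) = vm.sign(key, signedDigest);

        // A verifier built on the uint256[] typehash computes a different digest,
        bytes32 verifierDigest = digest(TYPEHASH_UINT, ranked);
        assertTrue(verifierDigest != signedDigest);
        // so ecrecover returns some other address and the vote is not attributed to the voter.
        assertTrue(ecrecover(verifierDigest, v, r, s) != voter);

        // With the same typehash on both sides, recovery returns the voter.
        assertEq(ecrecover(signedDigest, v, r, s), voter);
    }
}
```

A regression test of this shape belongs next to the fix, so that a later change to the function signature without a matching change to the type string fails in CI.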

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Typehash hashes the wrong function input.
