President Elector

First Flight #24
Beginner FriendlyFoundry
100 EXP
View results
Submission Details
Severity: medium
Valid

Audit of RankedChoice Smart Contract

Incorrect TYPEHASH in rankCandidatesBySig

The TYPEHASH constant is incorrectly defined as:

bytes32 public constant TYPEHASH = keccak256("rankCandidates(uint256[])");

bytes32 public constant TYPEHASH = keccak256("rankCandidates(uint256[])");

However, the orderedCandidates parameter is an array of address, not uint256. This mismatch leads to incorrect hash calculations, causing signature verifications to fail or allowing malicious actors to forge signatures.

Recommendation:

Update the TYPEHASH to match the correct data type:

bytes32 public constant TYPEHASH = keccak256("rankCandidates(address[])");

bytes32 public constant TYPEHASH = keccak256("rankCandidates(address[])");

Ensure that all hashing and signature recovery processes use the correct data types to maintain the integrity of the signature verification.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Typehash hashes the wrong function input.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.