Lack of parameter making the signature unique induces risks of signature replay attack
Summary
The contract allows for voters to delegate their vote to another user, to save on gas. The signature does not hold a usage limit, so anyone with a valid signature could re-use the voters' votes, even if the voter wishes to vote for other candidates.
Vulnerability Details
The RankedChoice::rankCandidatesBySig function allows caller to re-use the same signature multiple times.
This would result in a malicious user being able to force the votes of candidates, even if the voter wishes to change it, and through different presidential elections.
Impact
If the voter wishes to change their vote, a malicious user could force the votes from the signature.
Recommendations
We need every signatures to be used only once by this function. We can use a mapping(address voter => uint ctr) ctrVotesDelegated to hold the number of times a user delegated their votes, and add a uint ctr in the rankCandidatesBySig function that checks for the actual value of ctrVotesDelegated, so the signature could not be re-used.
Lead Judging Commences
Replay Attack - The same signature can be used over and over
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.