President Elector

First Flight #24
Beginner Friendly, Foundry
Submission Details
Severity: high
Valid

New President can be selected just after the contract's deployment

Summary

The election of the first president is not time-limited. Therefore, a president can be selected right after deployment, as soon as rankCandidates() has been called at least once.

Vulnerability Details

During contract deployment the `s_previousVoteEndTimeStamp` variable is set to 0. The time elapsed since the previous vote is therefore measured from 0, so if `block.timestamp` is greater than 4 years, it is possible to elect a new president. An attacker can vote immediately after the contract deployment and select the president.

Impact

Immediately after deployment, the first voter can vote for their candidate and call selectPresident() to set a new president for the next 4 years.

Tools Used

In the setUp() function (in RankedChoice.t.sol), just before deploying the RankedChoice contract, insert the following line to set a realistic deployment timestamp (by default Foundry sets it to 1, which is unrealistic).

```solidity
vm.warp(1641070800);
```

Then run the following test:

```solidity
function testSelectPresidentJustAfterDeployment() public {
    // A single voter ranks a single candidate right after deployment.
    orderedCandidates = [candidates[0]];
    vm.prank(voters[0]);
    rankedChoice.rankCandidates(orderedCandidates);
    // No waiting period is enforced, so the election can be closed immediately.
    rankedChoice.selectPresident();
    assertEq(rankedChoice.getCurrentPresident(), candidates[0]);
}
```
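
The timing gate described above, as an added example that is not part of the original submission or the RankedChoice source: a minimal model contract with a Foundry test that exercises the gate once with the timestamp slot left at 0 and once with it initialized at construction. `TermGateModel`, its error name and the exact form of the comparison are assumptions; the variable names, the 1460-day duration and the warp value come from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

import {Test} from "forge-std/Test.sol";

// Hypothetical minimal model of the term gate; not the RankedChoice source.
// Assumption: selectPresident() compares the time elapsed since
// s_previousVoteEndTimeStamp with i_presidentalDuration.
contract TermGateModel {
    uint256 public constant i_presidentalDuration = 1460 days;
    uint256 public s_previousVoteEndTimeStamp;

    error TermGateModel__NotTimeToVote(); // hypothetical error name

    constructor(bool initAtDeployment) {
        // false: slot stays 0 (the reported state); true: initialized at deployment.
        if (initAtDeployment) s_previousVoteEndTimeStamp = block.timestamp;
    }

    function selectPresident() external {
        if (block.timestamp - s_previousVoteEndTimeStamp <= i_presidentalDuration) {
            revert TermGateModel__NotTimeToVote();
        }
        s_previousVoteEndTimeStamp = block.timestamp;
    }
}

contract TermGateModelTest is Test {
    uint256 constant DEPLOY_TIME = 1641070800; // same value as the PoC's vm.warp

    function setUp() public {
        vm.warp(DEPLOY_TIME);
    }

    function testZeroInitOpensGateAtDeployment() public {
        TermGateModel gate = new TermGateModel(false);
        gate.selectPresident(); // elapsed = DEPLOY_TIME - 0, far more than 1460 days
        assertEq(gate.s_previousVoteEndTimeStamp(), DEPLOY_TIME);
    }

    function testTimestampInitEnforcesFirstTerm() public {
        TermGateModel gate = new TermGateModel(true);
        vm.expectRevert(TermGateModel.TermGateModel__NotTimeToVote.selector);
        gate.selectPresident(); // elapsed = 0, so the gate stays closed
        vm.warp(DEPLOY_TIME + 1460 days + 1);
        gate.selectPresident(); // the first term has elapsed, so the call succeeds
        assertEq(gate.s_previousVoteEndTimeStamp(), DEPLOY_TIME + 1460 days + 1);
    }
}
```

Place the file in a Foundry project's test directory and run `forge test`.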

Recommendations

Set the `s_previousVoteEndTimeStamp` variable to the current timestamp at deployment by adding the following line to the constructor() function:

constructor(address[] memory voters) EIP712("RankedChoice", "1") {
VOTERS = voters;
i_presidentalDuration = 1460 days;
s_currentPresident = msg.sender;
s_voteNumber = 0;
+ s_previousVoteEndTimeStamp = block.timestamp;
}
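
Review bot: the added `s_previousVoteEndTimeStamp = block.timestamp;` line needs a comment stating the consequence it creates together with `s_currentPresident = msg.sender;` and `i_presidentalDuration = 1460 days;`: the deployer holds the presidency for a full 1460-day term before the first election can be closed. If that is the intended behaviour, say so on that line. The change also comes without a test; a counterpart to testSelectPresidentJustAfterDeployment() that expects selectPresident() to revert right after deployment would guard against the slot being left at 0 again.
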
Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`s_previousVoteEndTimeStamp` variable not being initialized correctly
