President Elector

First Flight #24
Beginner FriendlyFoundry
100 EXP
View results
Submission Details
Severity: high
Valid

First president can be re-elected immediately

Summary

The s_currentPresident declared in the constructor can be re-elected immediately because s_previousVoteEndTimeStampis 0.

Vulnerability Details

The s_currentPresident can be re-elected immediately because s_previousVoteEndTimeStamp is 0 because it is not initialized in the constructor. When deploying a contract, s_currentPresident is initialized, which can be re-elected immediately in the selectPresident function, since the first time the function is called, s_previousVoteEndTimeStamp will be 0, and the re-election condition in the selectPresident function will always be false the first time selectPresident is called in the contract.

function selectPresident() external {
if (block.timestamp - s_previousVoteEndTimeStamp <= i_presidentalDuration) {
revert RankedChoice__NotTimeToVote();
}

Impact

The first president in the contract can be re-elected immediately, without waiting for 1460 days.

Tools Used

Manual code review

Recommendations

Initialize s_previousVoteEndTimeStamp in the constructor with the value block.timestamp

constructor(address[] memory voters) EIP712("RankedChoice", "1") {
VOTERS = voters;
i_presidentalDuration = 1460 days;
s_currentPresident = msg.sender;
+ s_previousVoteEndTimeStamp = block.timestamp;
s_voteNumber = 0;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`s_previousVoteEndTimeStamp` variable not being initialized correctly

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.