President Elector
First Flight #24
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Check for empty candidateList is missing - halts further smart contract execution

iamdevluke

Summary

In the case that no voter did submit a vote during the presidentialDuration (1460 days), the function selectPresident will revert and the whole smart contract becomes unusuable.

Vulnerability Details

In the selectPresidentRecursive function, there is no check if the array s_candidateList is empty. This should in theory not happen given the timeframe of the presidentialDuration, but should still be check nevertheless. If the duration is over and no one voted, the smart contract is broken and no more presidents can be chosen.

Impact

The smart contracts stops working as no one can vote or choose a president.

Tools Used

Forge

Recommendations

Add a check in selectPresidentRecursive to verify if s_candidateList is empty or not. If it's empty, return the current president (as this would probably mean that everyone is fine with the status quo, hence no one submitted a vote) :

//check if at least one vote has been submitted
//if not - return current president
if (candidateList.length == 0) {
address[] memory president = new address[]();
president[0] = s_currentPresident;
return president;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.