President Elector

First Flight #24
Beginner Friendly, Foundry
Submission Details
Severity: medium
Invalid

DoS (Denial of Service) if VOTERS is too big

Summary

If VOTERS is too big, the execution of the selectPresident() function will fail.

Vulnerability Details

The selectPresident() function calls _selectPresidentRecursive() at line 79 of RankedChoice.sol.

If VOTERS (address[] private VOTERS) is too big, the gas consumed will exceed the block gas limit, causing the execution of the _selectPresidentRecursive() function to fail.

Then, there will be no way to select the new president.
There is also no way to change the VOTERS list, because it was loaded at the construction of the contract (in the constructor() function):

    constructor(address[] memory voters) EIP712("RankedChoice", "1") {
        VOTERS = voters;
        i_presidentalDuration = 1460 days;
        s_currentPresident = msg.sender;
        s_voteNumber = 0;
    }

Nor is there a way to change the vote number (s_voteNumber), because it is incremented at the end of the _selectPresidentRecursive() function (RankedChoice.sol#L92):

    // Reset the election and set President
    s_currentPresident = winnerList[0];
    s_candidateList = new address[](0);
    s_previousVoteEndTimeStamp = block.timestamp;
    s_voteNumber += 1;

Impact

There will be no way to select the new president, change the VOTERS list, or change the vote number to bypass the execution failure.
And in the election of a President, VOTERS will automatically be a huge array, so in production it will eventually fail.

Tools Used

GitHub, Visual Studio Code.

Recommendations

You cannot loop over a really huge array because of the block gas limit (which is in place to avoid an infinite transaction loop attack on the blockchain).
The design choice needs to be rethought to avoid looping VOTERS.
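
One way to make per-transaction gas independent of VOTERS.length is to tally in bounded batches with a stored cursor. The contract below is an added example, not code from RankedChoice.sol or from this submission; BatchedTally, vote(), tallyBatch() and every storage name other than VOTERS and s_currentPresident are hypothetical, and it counts one first-choice vote per voter instead of ranked rounds.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Added illustration (hypothetical contract, not RankedChoice.sol).
// Simplification: one first-choice vote per voter, no ranked rounds.
contract BatchedTally {
    address[] private VOTERS;
    mapping(address => address) private s_choice; // voter => candidate
    mapping(address => uint256) private s_votes;  // candidate => running count
    uint256 private s_cursor;                     // next VOTERS index to tally
    address private s_leader;                     // candidate currently ahead
    address public s_currentPresident;

    constructor(address[] memory voters) {
        VOTERS = voters;
        s_currentPresident = msg.sender;
    }

    // Anyone may write a choice, but only addresses in VOTERS are ever
    // read during the tally. Voting closes once tallying has started.
    function vote(address candidate) external {
        require(s_cursor == 0, "tally in progress");
        s_choice[msg.sender] = candidate;
    }

    // Gas per call is bounded by maxVoters, not by VOTERS.length, so the
    // tally can always make progress across several transactions.
    function tallyBatch(uint256 maxVoters) external {
        uint256 end = s_cursor + maxVoters;
        if (end > VOTERS.length) end = VOTERS.length;
        for (uint256 i = s_cursor; i < end; ++i) {
            address c = s_choice[VOTERS[i]];
            if (c == address(0)) continue;        // voter abstained
            uint256 n = ++s_votes[c];
            if (n > s_votes[s_leader]) s_leader = c;
        }
        s_cursor = end;
    }

    // Constant-cost finalisation: no loop over VOTERS here.
    function selectPresident() external {
        require(s_cursor == VOTERS.length, "tally incomplete");
        require(s_leader != address(0), "no votes cast");
        s_currentPresident = s_leader;
        // Assumption: resetting state for the next election is omitted.
    }
}
```

Callers pick maxVoters to fit comfortably inside a block and repeat tallyBatch() until the cursor reaches the end of VOTERS.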

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[INVALID] A high number of voters can lead to OOG in selecting the president

Appeal created
