President Elector

Summary

The RankedChoice smart contract implements a ranked voting system where voters rank candidates and the president is chosen through a series of eliminations. The list of voters (VOTERS) is immutable, meaning it cannot be altered after contract deployment. This feature ensures that only predefined voters can participate in elections, enhancing fairness and preventing external interference in the voting process. However, this design choice can lead to potential issues regarding voter flexibility and adaptability over time.

Vulnerability Details

The voters list is set during the contract’s deployment and is stored in the VOTERS array. Once this list is initialized in the constructor, there is no functionality provided to add, remove, or update voters

In this section, the VOTERS array is initialized when the contract is deployed and remains unchanged throughout the contract's lifecycle.

Impact

The immutability of the voters list can have the following consequences:

The inability to modify the voters list reduces the flexibility of the contract, particularly in situations where the voter base changes over time.
New eligible voters cannot be added, which may lead to disenfranchisement if the voter base evolves after the contract’s deployment.
If a voter becomes ineligible after the contract is deployed, there is no mechanism to remove them, which could allow them to participate in elections unfairly.
In dynamic environments where voter eligibility changes, this inflexibility could result in outdated or inaccurate elections.

Tools Used

Manual Review

Recommendations

Introduce functions to add, remove or update voters, with appropriate access controls to prevent unauthorized changes.