President Elector

Summary

In the RankedChoice contract, the list of voters is immutable and set during contract deployment. If there are no voters in the VOTERS list, the voting mechanism will fail to function as intended. This is because the election process relies on votes from eligible addresses to rank candidates and select a president. The absence of voters can cause the election process to break down, leading to a complete halt in governance functionality.

Vulnerability Details

The contract's design is dependent on the presence of voters in the predefined VOTERS list. If the list is empty or improperly initialized with zero addresses, no rankings can be submitted, preventing the contract from performing its core function of selecting a president, the selectPresident function aggregates votes from all voters. In the absence of votes, the recursive elimination process will not work, potentially causing the function to fail entirely.

Impact

The contract’s purpose of running elections and selecting a president becomes impossible without voters, leading to a breakdown in governance.
Future elections will be impossible to conduct, resulting in a permanent stalemate where the current president continues indefinitely without a mechanism to remove or replace them.

Tools Used

Manual Review

Recommendations

Add a check in the constructor to verify that the VOTERS list contains at least one address. If the list is empty, revert the transaction to prevent the contract from being deployed in an unusable state.