President Elector

First Flight #24
Beginner FriendlyFoundry
100 EXP
View results
Submission Details
Severity: medium
Valid

No Upper Bound for Candidate Votes (Out of Gas Risk)

Summary

The selectPresident function iterates through all voters and candidates, which can lead to excessive gas usage if the candidate list grows too large. This can result in out-of-gas errors or inefficient execution.

Vulnerability Details

The selectPresident function iterates through all voters and candidates to tally votes. If the number of candidates grows too large, especially after multiple rounds of voting, this can lead to excessive gas usage. This is particularly concerning if the candidateList is large or grows over time.

Impact

This could prevent the election from being completed, blocking the selection of a new president and rendering the contract unusable during such elections.

Tools Used

Manual

Recommendations

Enforce a maximum limit on the number of candidates that can participate in any single election. This ensures that the candidate list remains manageable and avoids excessive gas usage.

uint256 private constant MAX_CANDIDATES = 10;
function selectPresident() external {
if (s_candidateList.length > MAX_CANDIDATES) {
revert RankedChoice__InvalidInput();
}
// so....
}

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

A high number of candidates could cause an OOG

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.