President Elector

First Flight #24

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Lack of Time-Based Restrictions

brene

Summary

The RankedChoice smart contract allows voters to rank candidates for the election of a president. However, a potential vulnerability exists due to the absence of time-based restrictions on when voters can modify their votes. This could allow last-minute vote changes, potentially leading to manipulative voting behavior and unfair election outcomes.

Vulnerability Details

In the current implementation of the RankedChoice smart contract, voters can change their rankings at any time before the selectPresident function is called. Since there is no deadline or lock-in period for finalizing votes, this means voters have the flexibility to alter their choices as late as possible in the election process. This introduces an element of unpredictability and opens the system to strategic manipulation, where voters may wait for the results of others' rankings and adjust their votes accordingly.
Specifically, the contract lacks any function or mechanism that prevents vote changes after a certain period. The system only enforces the selection of the president after the presidentalDuration has passed but doesn’t limit voter activity within that time window.

Impact

The absence of time-based restrictions could lead to voters adjusting their rankings at the last moment, creating an unfair advantage for those with knowledge of others' rankings, late-stage vote changes could drastically shift the election results, rendering earlier votes less impactful and also decreased election integrity where without a clear voting deadline, the election process may appear less transparent and more susceptible to tactical voting.

Tools Used

Manual Review

Recommendations

Introduce a deadline or time-based restriction, such as a predefined voting period. Once the deadline is reached, votes should be locked, and no further changes to rankings should be allowed or modify the selectPresident function to only accept rankings that were finalized before the voting deadline. This ensures that the election results are based on the votes that were submitted within the allowed time window.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Voters can change their vote

Rewards breakdown

nSLOC

140

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.