President Elector
First Flight #24
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

Reentrancy Risk in `selectPresident`

mishraji874

Description: The selectPresident function modifies critical state variables before completing all logic. If future modifications introduce external calls, this could be exploited to manipulate the election process through reentrancy.

Impact:

  • State Manipulation: If external calls were introduced, an attacker could potentially reenter the function and alter the election results by manipulating state variables such as s_currentPresident, s_candidateList, and s_previousVoteEndTimeStamp.

Proof of Concept: Currently, no external calls exist in the function, so direct exploitation isn't possible. However, if external calls were added, reentrancy could be exploited as follows:

contract Malicious {
RankedChoice rankedChoice;
bool reentered = false;
constructor(address _rankedChoice) {
rankedChoice = RankedChoice(_rankedChoice);
}
function attack() external {
rankedChoice.selectPresident();
}
fallback() external payable {
if (!reentered) {
reentered = true;
rankedChoice.selectPresident();
}
}
}

Recommended Mitigation:

  • Use the "Checks-Effects-Interactions" Pattern: Ensure all state changes occur after all logic is complete and before any external calls.

  • Reentrancy Guard: Consider using a reentrancy guard (such as OpenZeppelin's ReentrancyGuard) to prevent reentrant calls.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.