President Elector

First Flight #24
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Invalid

Lack of Access Control for `selectPresident`

Description: The selectPresident function can be called by any external account, which means any user can trigger the election process to select a new president. This lack of access control could lead to unauthorized or premature elections.

Impact:

  • Unauthorized Elections: Without proper access control, any user can trigger the election process, potentially disrupting the intended election schedule or process.

  • Premature Elections: Users could call selectPresident before the community is ready, leading to unexpected changes in leadership.

Proof of Concept: Any user can call the function without restriction:

```solidity
rankedChoice.selectPresident();
```

Recommended Mitigation:

  • Access Control: Implement access control to restrict who can call the selectPresident function. This could be limited to a specific role or set of addresses (e.g., an admin or governance contract).

  • Time-Based Restrictions: Ensure that the function can only be called after a certain period or under specific conditions to prevent premature elections.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
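The two mitigations the submission recommends (a caller restriction and a time gate on `selectPresident`), sketched as an added example that is not part of the submission or the contest code base. The contract name `GatedElection`, the `electionAdmin` role, `termDuration`, the errors, the event and the `_tally` hook are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

/// Hypothetical gate mixin (not the contest's RankedChoice contract).
/// It restricts who may trigger an election and how often.
abstract contract GatedElection {
    error NotElectionAdmin(address caller);
    error TermNotOver(uint256 earliest, uint256 current);

    // Assumed role: an admin account or a governance contract.
    address public immutable electionAdmin;
    // Assumed minimum number of seconds between two elections.
    uint256 public immutable termDuration;

    uint256 public lastElectionAt;
    address public president;

    // Emitted on every election so monitoring can spot off-schedule calls.
    event PresidentSelected(address indexed president, address indexed caller, uint256 at);

    constructor(address admin, uint256 duration) {
        electionAdmin = admin;
        termDuration = duration;
        lastElectionAt = block.timestamp; // first term starts at deployment
    }

    modifier onlyElectionAdmin() {
        if (msg.sender != electionAdmin) revert NotElectionAdmin(msg.sender);
        _;
    }

    modifier afterTerm() {
        uint256 earliest = lastElectionAt + termDuration;
        if (block.timestamp < earliest) revert TermNotOver(earliest, block.timestamp);
        _;
    }

    function selectPresident() external onlyElectionAdmin afterTerm {
        // Move the window first so a second call in the same term reverts.
        lastElectionAt = block.timestamp;
        president = _tally();
        emit PresidentSelected(president, msg.sender, block.timestamp);
    }

    /// Vote counting is left to the inheriting contract; only the gate is shown here.
    function _tally() internal virtual returns (address winner);
}
```

With both modifiers in place, a call from any other account reverts with `NotElectionAdmin`, and a call before `lastElectionAt + termDuration` reverts with `TermNotOver`.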
