A voter can access the entire `s_rankings` mapping at any time before the next election and manipulate the elections in their favour.
Private variables are not secure, and since the `VOTERS` and the `s_rankings` arrays are storage variables, any voter could check the storage of that contract and try to manipulate the contract.
Imagine the contract is deployed and visible on Etherscan. Bob is one of the voters and the only voter left to rank candidates. Bob decides to take a look at the storage of the contract at the time of deployment, and sees that there is a tie between 2 candidates, A and B. Bob now knows that his vote will decide the next President.
Manipulation of the elections for the next President.
Manual Review
Encrypt the rankings of the candidates (`s_rankings`).
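One common way to keep rankings unreadable while voting is open is a commit-reveal scheme, shown here as an added example; it is not the audited contract's code and it swaps hashing commitments in for the encryption named above. The contract name, function names and the two time windows are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Hypothetical sketch: all names and the two-phase timing are assumptions,
// not taken from the audited contract.
contract CommitRevealRanking {
    uint256 public immutable commitDeadline;
    uint256 public immutable revealDeadline;

    mapping(address => bool) public isVoter;
    // During voting only a hash is stored, so reading storage reveals no ranking.
    mapping(address => bytes32) public commitments;
    // Populated only after commitDeadline, when rankings can no longer change.
    mapping(address => address[]) private revealed;

    error NotVoter();
    error WrongPhase();
    error AlreadyCommitted();
    error BadReveal();

    constructor(address[] memory voters, uint256 commitWindow, uint256 revealWindow) {
        for (uint256 i = 0; i < voters.length; i++) {
            isVoter[voters[i]] = true;
        }
        commitDeadline = block.timestamp + commitWindow;
        revealDeadline = commitDeadline + revealWindow;
    }

    // commitment = keccak256(abi.encode(voter, ranking, salt)), computed off-chain.
    // The salt must be a random 32-byte value: the set of possible rankings is
    // small, so an unsalted hash could be matched by enumeration.
    function commitRanking(bytes32 commitment) external {
        if (!isVoter[msg.sender]) revert NotVoter();
        if (block.timestamp >= commitDeadline) revert WrongPhase();
        if (commitments[msg.sender] != bytes32(0)) revert AlreadyCommitted();
        commitments[msg.sender] = commitment;
    }

    // Binding msg.sender into the hash stops one voter replaying another's commitment.
    function revealRanking(address[] calldata ranking, bytes32 salt) external {
        if (block.timestamp < commitDeadline || block.timestamp >= revealDeadline) revert WrongPhase();
        if (keccak256(abi.encode(msg.sender, ranking, salt)) != commitments[msg.sender]) revert BadReveal();
        delete commitments[msg.sender];
        revealed[msg.sender] = ranking;
    }
}
```

A voter can still decline to reveal after seeing other reveals, but cannot alter the ranking they committed to, so tallying rules need to define how unrevealed commitments are treated.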