President Elector

First Flight #24

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Initializing large number of voters in constructor of `RankedChoice` can exceed gas limit, causing the contract deployment to fail

BigDog

Description

The constructor function gets passed an array of voters, and assign this to the private VOTERS[]. If >1000 addresses are sent to the constructor, this can cause the deployment cost of the contract to exceed 30 million gwei, the current block limit in Ethereum.

Impact

Attempting to deploy this contract with >1000 addresses could result in a failed deployment, costing the deployer gas. Alternatively, this limitation will not allow for more than ~1000 voters to participate in the elections.

Proof of Concept

function testLargeNumberOfVoters() public {

uint256 numberOfVoters = 1000;

address[] memory largeVoterArray = new address[]();

for (uint256 i = 0; i < numberOfVoters; i++) {

largeVoterArray[i] = address(uint160(i + 1));

}

// Measure gas used for deployment

uint256 gasBefore = gasleft();

rankedChoice = new RankedChoice(largeVoterArray);

uint256 gasAfter = gasleft();

console.log("Gas used:", gasBefore - gasAfter);

// Verify that the contract was deployed successfully

assertTrue(address(rankedChoice) != address(0), "Contract deployment failed");

}

Output:

With 1000 voters:

[PASS] testLargeNumberOfVoters() (gas: 23839071)
Logs:
Gas used: 23612108

With 1500 voters:

[PASS] testLargeNumberOfVoters() (gas: 35211031)
Logs:
Gas used: 34872617

Recommendations

Implement a voter registration system where voters can be added after contract deployment, either by self-registration or by an admin. This distributes the gas cost across multiple transactions and allows for a dynamic voter base. This could also allow for new voters to be added for future elections, which is a missing functionality of the current contract implementation.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

[INVALID] A high number of voters can lead to OOG in selecting the president

Rewards breakdown

nSLOC

140

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!