Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

veRAACToken::recordVote doesn't implement access control

Summary

recordVote is a function in veRAACToken used to record a vote on a proposal. The function implements no access control and does not validate the voter argument, so any caller can pass an arbitrary voter address and record a vote on behalf of anyone.

Vulnerability Details

The function recordVote below records a vote for whatever address is passed as voter, for any proposalId, without checking msg.sender:

function recordVote(
    address voter,
    uint256 proposalId
) external {
    // No check that msg.sender is `voter` (or an authorized contract)
    if (_hasVotedOnProposal[voter][proposalId]) revert AlreadyVoted();
    _hasVotedOnProposal[voter][proposalId] = true;
    uint256 power = getVotingPower(voter);
    emit VoteCast(voter, proposalId, power);
}

Attack scenario:

  • Attacker creates a proposal with proposalId 1

  • Attacker calls recordVote() repeatedly with different voter addresses and proposalId = 1

  • The proposal is passed

Impact

  • Anyone can record a vote on behalf of any address for any proposal

Tools Used

Manual Review

Recommendations

Change the code to the following to fix this issue:

function recordVote(
    address voter,
    uint256 proposalId
) external {
    // Ignore the supplied address: a caller can only record its own vote
    voter = msg.sender;
    if (_hasVotedOnProposal[voter][proposalId]) revert AlreadyVoted();
    _hasVotedOnProposal[voter][proposalId] = true;
    uint256 power = getVotingPower(voter);
    emit VoteCast(voter, proposalId, power);
}
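As an added illustration, not the project's own code, the following hypothetical Solidity contract shows a hardened recordVote that keeps the voter parameter but restricts who may record a vote for a given address; the governance address and the abstract getVotingPower are assumptions, not details of veRAACToken.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical vote recorder showing the access-control fix; not the
/// project's veRAACToken. Voting power is left abstract so the example
/// focuses on who is allowed to record a vote for a given address.
abstract contract VoteRecorderHardened {
    error AlreadyVoted();
    error NotAuthorized(address caller, address voter);

    event VoteCast(address indexed voter, uint256 indexed proposalId, uint256 power);

    /// Assumption: a single trusted governance contract may record votes on
    /// behalf of voters. If no such contract exists, drop this field and
    /// keep only the msg.sender == voter check below.
    address public immutable governance;

    mapping(address => mapping(uint256 => bool)) private _hasVotedOnProposal;

    constructor(address governance_) {
        governance = governance_;
    }

    /// Supplied by the inheriting token (balance, lock duration, decay, ...).
    function getVotingPower(address voter) public view virtual returns (uint256);

    /// View for off-chain monitors to reconcile VoteCast events with state.
    function hasVoted(address voter, uint256 proposalId) external view returns (bool) {
        return _hasVotedOnProposal[voter][proposalId];
    }

    /// Only `voter` itself or the governance contract may record a vote for
    /// `voter`. An arbitrary caller can no longer mark another address as
    /// having voted (which would make that address's own call revert with
    /// AlreadyVoted) or emit a VoteCast event for it.
    function recordVote(address voter, uint256 proposalId) external {
        if (msg.sender != voter && msg.sender != governance) {
            revert NotAuthorized(msg.sender, voter);
        }
        if (_hasVotedOnProposal[voter][proposalId]) revert AlreadyVoted();
        _hasVotedOnProposal[voter][proposalId] = true;
        uint256 power = getVotingPower(voter);
        emit VoteCast(voter, proposalId, power);
    }
}
```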
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

veRAACToken::recordVote lacks access control, allowing anyone to emit fake events
