Core Contracts

Regnum Aurum Acquisition Corp
Hardhat · Real World Assets · NFT
77,280 USDC
Submission Details
Severity: low
Valid

Vote Recording Function Vulnerable to Front-Running DoS

Summary

The recordVote function in veRAACToken can be exploited by attackers to prevent legitimate users from voting by front-running their transactions and marking them as having already voted.

Vulnerability Details

The recordVote function allows any address to record a vote for any voter, with no authorization check on msg.sender:

```solidity
function recordVote(
    address voter,
    uint256 proposalId
) external {
    // @audit-issue anyone can vote on behalf of anyone
    if (_hasVotedOnProposal[voter][proposalId]) revert AlreadyVoted();
    _hasVotedOnProposal[voter][proposalId] = true;
    uint256 power = getVotingPower(voter);
    emit VoteCast(voter, proposalId, power);
}
```

The issue is that there's no validation to ensure that:

  1. The caller is the actual voter
  2. The caller is the Governance contract
  3. The voter actually intended to cast a vote

Impact

  • Attackers can front-run legitimate voting transactions and mark users as having voted
  • Users can be permanently prevented from voting on specific proposals
  • The governance system can be manipulated by blocking specific voters

Tools Used

Manual Review

Recommendations

Restrict recordVote so that it can only be called by the Governance contract, or require that msg.sender is the voter being recorded.
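The following is an added example of the recommended fix, not code from the RAAC project: a hardened recordVote that reverts unless the caller is the Governance contract or the voter themself. The contract name, the immutable `governance` address, the `NotAuthorized` error and the `hasVoted` view are assumptions introduced for illustration; `getVotingPower` is left abstract because its implementation lives elsewhere in the token.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added example (not the project's code): recordVote with a caller check.
/// Assumptions: `governance` is fixed at deployment and getVotingPower is
/// implemented by the inheriting token contract.
abstract contract VeRAACTokenVotingFixed {
    error AlreadyVoted();
    error NotAuthorized();

    event VoteCast(address indexed voter, uint256 indexed proposalId, uint256 power);

    address public immutable governance;
    mapping(address => mapping(uint256 => bool)) private _hasVotedOnProposal;

    constructor(address governance_) {
        require(governance_ != address(0), "zero governance");
        governance = governance_;
    }

    function getVotingPower(address voter) public view virtual returns (uint256);

    /// Only the Governance contract (which has already checked that the vote
    /// came from the voter) or the voter themself may record a vote. A third
    /// party calling this with someone else's address now reverts, so it can
    /// no longer pre-mark that address as having voted or emit a VoteCast
    /// event on its behalf.
    function recordVote(address voter, uint256 proposalId) external {
        if (msg.sender != governance && msg.sender != voter) revert NotAuthorized();
        if (_hasVotedOnProposal[voter][proposalId]) revert AlreadyVoted();
        _hasVotedOnProposal[voter][proposalId] = true;
        uint256 power = getVotingPower(voter);
        emit VoteCast(voter, proposalId, power);
    }

    /// Read-only helper (assumed) so tests and the Governance contract can
    /// confirm that a voter's flag was only ever set by an authorized call.
    function hasVoted(address voter, uint256 proposalId) external view returns (bool) {
        return _hasVotedOnProposal[voter][proposalId];
    }
}
```

With this check in place, a transaction that tries to record a vote for another address reverts instead of flipping the voter's flag, so ordering it ahead of the legitimate vote has no effect. If the design only ever routes votes through Governance, the `msg.sender != voter` branch can be dropped and the function restricted to `governance` alone; either variant removes the unauthenticated path.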

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

veRAACToken::recordVote lacks access control, allowing anyone to emit fake events
