Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

Vote Griefing Through Unrestricted `recordVote` Function

skidd0016

Link to Affected Code:

VOTE

function recordVote(

address voter,

uint256 proposalId

) external {

if (_hasVotedOnProposal[voter][proposalId]) revert AlreadyVoted();

// @audit no access control

_hasVotedOnProposal[voter][proposalId] = true;

uint256 power = getVotingPower(voter);

emit VoteCast(voter, proposalId, power);

}

Description:
The recordVote function lacks access control mechanisms, allowing any address to record votes on behalf of other users. This enables malicious actors to mark legitimate voters as having already voted before they can actually cast their vote, effectively censoring their voting power.

Impact:

Voter censorship through preemptive vote recording
Manipulation of governance outcomes by blocking strategic voters
No way for legitimate voters to override the griefing

Proof of Concept:
It can happen following this steps:

An attacker calls the the recordVote function with address they want to grief
The function passes because there is no access control and the function set _hasVotedOnProposal[voter][proposalId] = true;
When a legitimate user that was griefed tries to vote , this call reverts if (_hasVotedOnProposal[voter][proposalId]) revert AlreadyVoted();
So they cant vote for a proposal because it was recorded in the system that they already voted!

Recommended Mitigation:

Add msg.sender validation:

function recordVote(uint256 proposalId) external {

if (_hasVotedOnProposal[msg.sender][proposalId]) revert AlreadyVoted();

_hasVotedOnProposal[msg.sender][proposalId] = true;

uint256 power = getVotingPower(msg.sender);

emit VoteCast(msg.sender, proposalId, power);

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago

Submission Judgement Published

Validated

Assigned finding tags:

veRAACToken::recordVote lacks access control, allowing anyone to emit fake events

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.