Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

ANYONE can vote using someone else's address on proposals via `recordVote()`

Summary

In contract veRAACToken, recordVote() is declared external with no access control, so ANYONE can pass an arbitrary voter address and proposalId and record a vote on that voter's behalf without their permission.

Vulnerability Details

In contract veRAACToken, the function recordVote() is callable by everyone, and the voter is taken from the parameters rather than from msg.sender. Therefore any caller can pass any address as the voter together with any proposalId.

recordVote()

```solidity
function recordVote(
    address voter,          // supplied by the caller, never checked against msg.sender
    uint256 proposalId
) external {                // no access control: anyone can call this
    if (_hasVotedOnProposal[voter][proposalId]) revert AlreadyVoted();
    _hasVotedOnProposal[voter][proposalId] = true;   // marks `voter` as having voted
    uint256 power = getVotingPower(voter);
    emit VoteCast(voter, proposalId, power);         // event attributed to `voter`
}
```

This allows anyone to record a vote on a proposal under someone else's address without their permission.

This should NOT be the intended behaviour, and it may have unintended consequences: the mapping _hasVotedOnProposal could be relied on for important state changes elsewhere, and a third party can set it for any voter before the real voter acts.

Impact

Anyone can vote on proposals using someone else's address

Tools Used

Manual

Recommendations

Consider removing the voter address from the parameters and using msg.sender in its place, so that only the owner of an account can record a vote for it.
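The recommended fix as a compilable contract. This is an added example, not code from the project or the finding; only the shape of recordVote(), the _hasVotedOnProposal mapping, AlreadyVoted and VoteCast come from the snippet above. The voting-power storage (_votingPower and the lock() stand-in) is an assumed simplification so the example runs on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Hardened voting record (illustrative, not the project's contract).
/// The voter is always msg.sender, so a third party can no longer mark
/// another account as having voted or emit VoteCast on its behalf.
contract VeRAACTokenVotingFixed {
    error AlreadyVoted();
    error NoVotingPower();

    event VoteCast(address indexed voter, uint256 indexed proposalId, uint256 power);

    mapping(address => mapping(uint256 => bool)) private _hasVotedOnProposal;

    // Assumed stand-in for the real lock-based voting power.
    mapping(address => uint256) private _votingPower;

    /// Placeholder for the real lock logic: credits the caller with `amount` of power.
    function lock(uint256 amount) external {
        _votingPower[msg.sender] += amount;
    }

    function getVotingPower(address account) public view returns (uint256) {
        return _votingPower[account];
    }

    /// FIX: no `voter` parameter; the caller can only vote for itself.
    function recordVote(uint256 proposalId) external {
        address voter = msg.sender;
        if (_hasVotedOnProposal[voter][proposalId]) revert AlreadyVoted();

        uint256 power = getVotingPower(voter);
        // Added check: an account with no locked power has nothing to cast.
        if (power == 0) revert NoVotingPower();

        _hasVotedOnProposal[voter][proposalId] = true;
        emit VoteCast(voter, proposalId, power);
    }

    /// Read-back helper so tests can confirm that only the caller's own
    /// entry changed.
    function hasVoted(address voter, uint256 proposalId) external view returns (bool) {
        return _hasVotedOnProposal[voter][proposalId];
    }
}
```

With this version, a call to recordVote(1) from address A sets only _hasVotedOnProposal[A][1] and emits VoteCast(A, 1, power); there is no way to supply a different voter. If the protocol instead intends a separate Governance contract to record votes on users' behalf, the equivalent fix is to keep the voter parameter but restrict the caller to that contract (for example with a modifier that reverts unless msg.sender is the governance address); either way, an unrestricted external function that trusts a caller-supplied voter address is the defect to remove.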

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

veRAACToken::recordVote lacks access control, allowing anyone to emit fake events
