Submission Details
Severity:
Anyone can vote on someone else's behalf and steal their voting power
Description & Impact
The current implementation allows anyone to call recordVote() for any address, thus stealing anyone's voting power:
function recordVote(
address voter,
uint256 proposalId
) external {
if (_hasVotedOnProposal[voter][proposalId]) revert AlreadyVoted();
_hasVotedOnProposal[voter][proposalId] = true;
uint256 power = getVotingPower(voter);
emit VoteCast(voter, proposalId, power);
}
Mitigation
function recordVote(
address voter,
uint256 proposalId
) external {
+ // Ensure only the voter can record their own vote
+ require(msg.sender == voter, "Only voter can record their vote");
if (_hasVotedOnProposal[voter][proposalId]) revert AlreadyVoted();
_hasVotedOnProposal[voter][proposalId] = true;
uint256 power = getVotingPower(voter);
emit VoteCast(voter, proposalId, power);
}
Updates
Lead Judging Commences
inallhonesty about 2 months ago
Submission Judgement Published Assigned finding tags:
veRAACToken::recordVote lacks access control, allowing anyone to emit fake events
Appeal created
t0x1c
about 2 months ago
inallhonesty
about 2 months ago
inallhonesty about 2 months ago
Submission Judgement Published Assigned finding tags:
veRAACToken::recordVote lacks access control, allowing anyone to emit fake events
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.