recordVote, which is responsible for recording a vote by a voter on a specific proposalId, lacks access control. It is marked external, so any address (an externally owned account or a contract) can call it, and nothing restricts who may invoke it on behalf of a given voter. As a result, anyone can call recordVote with an arbitrary voter address and mark that voter as having voted on a proposal without the voter's consent or authorization. The only check is _hasVotedOnProposal[voter][proposalId], which prevents double voting but does not verify the caller's identity or authority (for example, that msg.sender == voter or that msg.sender is a trusted contract).
The absence of access control in recordVote has severe implications for the voting system:
Unauthorized Vote Recording: Any address can call recordVote(voter, proposalId) for any voter, setting _hasVotedOnProposal[voter][proposalId] = true and emitting a VoteCast event. This
i) Prevents the legitimate voter from voting later, because their own call reverts with AlreadyVoted, effectively silencing them.
ii) Emits a misleading VoteCast event that off-chain systems (indexers, tallying services, front ends) may interpret as a valid vote.
Voter Suppression:
Scenario: An attacker preemptively calls recordVote for every known voter on a given proposalId, for example by iterating over the holder list in a single transaction.
Impact: Legitimate voters are blocked from participating, undermining the fairness and integrity of the governance process.
Manual review
Restrict recordVote so that it can only be called by the voter themselves (require msg.sender == voter) or by an explicitly authorized caller, such as the contract that actually tallies the vote; revert for any other caller.
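The following Solidity is an added illustration written for this finding, not code from the audited project: it reproduces the vulnerable shape of recordVote as described above, shows an attacker contract that suppresses a list of voters, and gives a hardened version that implements the recommendation. Contract names, the governor address, the Unauthorized error and the hasVoted view are assumptions for the example; only recordVote, _hasVotedOnProposal, AlreadyVoted and VoteCast come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Vulnerable shape (hypothetical contract name): the only check is the
/// double-vote guard, so any caller can mark any voter as having voted.
contract VoteRegistryVulnerable {
    error AlreadyVoted(address voter, uint256 proposalId);
    event VoteCast(address indexed voter, uint256 indexed proposalId);

    mapping(address => mapping(uint256 => bool)) private _hasVotedOnProposal;

    function recordVote(address voter, uint256 proposalId) external {
        if (_hasVotedOnProposal[voter][proposalId]) {
            revert AlreadyVoted(voter, proposalId);
        }
        _hasVotedOnProposal[voter][proposalId] = true;
        emit VoteCast(voter, proposalId); // misleading: no real vote happened
    }

    function hasVoted(address voter, uint256 proposalId) external view returns (bool) {
        return _hasVotedOnProposal[voter][proposalId];
    }
}

/// Attacker contract (assumed for the example): marks every listed voter as
/// having voted on proposalId in one transaction, so their own later calls
/// revert with AlreadyVoted.
contract VoterSuppressor {
    function suppress(VoteRegistryVulnerable registry, address[] calldata voters, uint256 proposalId) external {
        for (uint256 i = 0; i < voters.length; i++) {
            registry.recordVote(voters[i], proposalId);
        }
    }
}

/// Hardened version: a vote can only be recorded by the voter themselves or by
/// the configured governor contract (assumed to be the component that tallies
/// votes). Any other caller reverts before state changes or events are emitted.
contract VoteRegistryHardened {
    error AlreadyVoted(address voter, uint256 proposalId);
    error Unauthorized(address caller, address voter);
    event VoteCast(address indexed voter, uint256 indexed proposalId);

    address public immutable governor;
    mapping(address => mapping(uint256 => bool)) private _hasVotedOnProposal;

    constructor(address governor_) {
        require(governor_ != address(0), "governor is zero");
        governor = governor_;
    }

    modifier onlyVoterOrGovernor(address voter) {
        if (msg.sender != voter && msg.sender != governor) {
            revert Unauthorized(msg.sender, voter);
        }
        _;
    }

    function recordVote(address voter, uint256 proposalId) external onlyVoterOrGovernor(voter) {
        if (_hasVotedOnProposal[voter][proposalId]) {
            revert AlreadyVoted(voter, proposalId);
        }
        _hasVotedOnProposal[voter][proposalId] = true;
        emit VoteCast(voter, proposalId);
    }

    function hasVoted(address voter, uint256 proposalId) external view returns (bool) {
        return _hasVotedOnProposal[voter][proposalId];
    }
}
```

Against VoteRegistryVulnerable, a single call to VoterSuppressor.suppress with the holder list is enough to make every subsequent legitimate recordVote from those addresses revert. Against VoteRegistryHardened the same call reverts with Unauthorized on the first voter, since the suppressor is neither that voter nor the governor. If the project routes all votes through a governance contract, the voter branch of the modifier can be dropped and only the governor kept.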