Potential Issue in `recordVote` Function of `veRAACToken` Contract
Summary
The recordVote function in the veRAACToken contract indeed has potential issues, particularly regarding its functionality and security.
Vulnerability Details
Lines:
-
Lack of Functionality:
The
recordVotefunction is intended to record a vote for a proposal, but it does not actually perform any meaningful action beyond marking that the voter has voted on a specific proposal. -
Missing Access Control:
The function lacks any form of access control, meaning that any external entity can call it. This could lead to unauthorized users being able to record votes on behalf of others or manipulate the voting process.
Impact
Without proper access control, malicious actors could exploit this function to cast votes without authorization, potentially skewing the results of proposals.
Tools Used
Manual Review
Recommendations
Recommend checking whether this function is intended needed. Otherwise, it should be modified to prevent abuse.
Lead Judging Commences
veRAACToken::recordVote lacks access control, allowing anyone to emit fake events
veRAACToken::recordVote lacks access control, allowing anyone to emit fake events
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.