State Update Before Operation in `recordVote` Function
Description
The recordVote function in the veRAACToken.sol contract updates the _hasVotedOnProposal[voter][proposalId] state variable before confirming that the getVotingPower(voter) operation succeeds. This could lead to state inconsistencies if getVotingPower(voter) reverts, as the voter would be marked as having voted even though the vote was not successfully recorded.
Affected Code
Vulnerability Details
The recordVote function sets the _hasVotedOnProposal[voter][proposalId] flag to true before calling getVotingPower(voter). If getVotingPower(voter) reverts (e.g., due to an internal error or unexpected state), the voter will be marked as having voted, even though the vote was not successfully recorded. This could lead to the following issues:
State Inconsistency: The
_hasVotedOnProposalflag will be set totrueeven if the vote was not recorded, preventing the voter from retrying the vote.Gas Wastage: Gas spent on updating the
_hasVotedOnProposalflag will be wasted ifgetVotingPower(voter)reverts.User Experience: Voters may be confused if they are marked as having voted but their vote was not recorded, leading to frustration or mistrust in the system.
Tools Used
Manual Review
Recommended Mitigation Steps
Update the recordVote function to set the _hasVotedOnProposal[voter][proposalId] flag after confirming that getVotingPower(voter) succeeds. This ensures that the state is only updated if the vote is successfully recorded.
Here is the corrected implementation:
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.