Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

The `recordVote` function in `veRAACToken.sol` can be used against users by recording votes on their behalf without their consent

Summary

In `veRAACToken.sol` the `recordVote` function is used by users to record a vote on a specific proposal ID.

Vulnerability Details

In `veRAACToken.sol` the `recordVote` function is used by users to record a vote on a specific proposal ID. However, the function is `external` and can be called by anyone, so a malicious user can record votes for any other user without that user's knowledge, regardless of whether they intended to vote on that proposal. The vote is then stored in the `_hasVotedOnProposal` mapping.

Tools Used

Manual Review

Recommendations

When updating state in that function, use `msg.sender` as the voter instead of the caller-supplied `voter` parameter.

Code Snippets

```solidity
// Declarations used by the function below; they are not part of the original
// snippet and are assumed from the function body.
mapping(address => mapping(uint256 => bool)) private _hasVotedOnProposal;
error AlreadyVoted();

function recordVote(
    address voter,
    uint256 proposalId
) external {
    if (_hasVotedOnProposal[voter][proposalId]) revert AlreadyVoted();
    // AUDIT: anyone can call this function and record votes on behalf of others,
    // even if they do not want to vote on a certain proposal ID.
    _hasVotedOnProposal[voter][proposalId] = true;
}
```
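As an added example (not the RAAC project's code), a minimal contract places the unguarded pattern beside the page's `msg.sender` fix and an assumed alternative that keeps the `voter` parameter but restricts the caller to a trusted governance address; the contract name, the `governance` address, the `NotAuthorized` error and the `VoteRecorded` event are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. Only recordVote and
// _hasVotedOnProposal come from the finding; everything else is assumed.
contract VoteRecordExample {
    error AlreadyVoted();
    error NotAuthorized();

    // voter => proposalId => has voted
    mapping(address => mapping(uint256 => bool)) private _hasVotedOnProposal;

    // Assumed: the governance contract permitted to record votes for users.
    address public immutable governance;

    event VoteRecorded(address indexed voter, uint256 indexed proposalId);

    constructor(address governance_) {
        governance = governance_;
    }

    // VULNERABLE (mirrors the finding): `voter` is caller-supplied and the
    // function is external, so any account can flag any address as having voted.
    function recordVoteUnguarded(address voter, uint256 proposalId) external {
        if (_hasVotedOnProposal[voter][proposalId]) revert AlreadyVoted();
        _hasVotedOnProposal[voter][proposalId] = true;
        emit VoteRecorded(voter, proposalId);
    }

    // FIX 1 (the page's recommendation): bind the record to msg.sender, so a
    // caller can only ever mark their own address.
    function recordVote(uint256 proposalId) external {
        if (_hasVotedOnProposal[msg.sender][proposalId]) revert AlreadyVoted();
        _hasVotedOnProposal[msg.sender][proposalId] = true;
        emit VoteRecorded(msg.sender, proposalId);
    }

    // FIX 2 (assumed alternative): keep the `voter` parameter for the case where
    // a trusted governance contract records votes on users' behalf, but restrict
    // the caller to that contract.
    function recordVoteFor(address voter, uint256 proposalId) external {
        if (msg.sender != governance) revert NotAuthorized();
        if (_hasVotedOnProposal[voter][proposalId]) revert AlreadyVoted();
        _hasVotedOnProposal[voter][proposalId] = true;
        emit VoteRecorded(voter, proposalId);
    }
}
```

Whichever variant is chosen, the check should be that the caller cannot set the vote state of an address it does not control; a test that calls the function from an arbitrary account with someone else's address and expects a revert is the regression test for this finding.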
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

veRAACToken::recordVote lacks access control, allowing anyone to emit fake events
