The number of new total votes is flawed when processing a vote for a direction
Summary
The function processVote is used in order to allow the user to vote on a specific direction. It factors in the users votingPower, which is the amount of tokens that are used to account for the weight of the user's vote.
Vulnerability Details
Initially, the user would call voteDirection with a direction value, and within it we calculate the totalVotes via a call to processVote with msg.sender's userVotes being passed in.
This would then allow us to call the internal function processVote where we set the newTotalVotes to totalVotes - vote.weight + votingPower;. Unfortunately, the newTotalVotes amount from an accounting perspective is inaccurate, as it should account for the user's voting weight and voting power.
Impact
Mismatch of the accounting of totalVotes.
Tools Used
Manual review
Recommendations
We should be adding the user's direction commit to the newTotalVotes with the weight applied as intended, rather than deducting it.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.