recordVote function in veRaacToken.sol allows everybody to record a vote on behalf of others
In the recordVote function in veRaacToken.sol, users record a vote by passing the voter's address and the proposal id they are voting on. The issue is that a caller can pass someone else's address as the voter address, and the function does not even check that the supplied address matches msg.sender or that the voter has allowed the calling account to vote on their behalf.
Anyone can vote on behalf of others: there is no check that the caller has authority to vote for the voter address or owns it in any way; the function is simply open to everybody. This will probably cause voting manipulation and creates a whole lot of issues that could eventually lead to really costly attacks.
VS Code
Consider adding a check that reverts if the caller (msg.sender) is not the voter address, or consider adding a mechanism where a user grants another user an allowance to vote on their behalf.
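A sketch of both recommendations combined, added here as an example and not taken from veRaacToken.sol: the contract, its storage layout, `setVoteDelegate`, the events and the errors are all hypothetical; only the `recordVote(voter, proposalId)` shape comes from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration: a simplified stand-in, not the veRaacToken.sol source.
// Every name except recordVote is hypothetical.
contract VoteRecorderSketch {
    // voter => proposalId => vote already recorded
    mapping(address => mapping(uint256 => bool)) public hasVoted;
    // voter => account allowed to record votes for them (address(0) = none)
    mapping(address => address) public voteDelegate;

    event VoteRecorded(address indexed voter, uint256 indexed proposalId, address indexed caller);
    event VoteDelegateSet(address indexed voter, address indexed delegate);

    error NotAuthorized(address caller, address voter);
    error AlreadyVoted(address voter, uint256 proposalId);

    // Pattern the finding describes: `voter` is caller-supplied and never
    // compared with msg.sender, so any account can use up any voter's vote.
    function recordVoteUnchecked(address voter, uint256 proposalId) external {
        if (hasVoted[voter][proposalId]) revert AlreadyVoted(voter, proposalId);
        hasVoted[voter][proposalId] = true;
        emit VoteRecorded(voter, proposalId, msg.sender);
    }

    // Opt-in allowance: only the voter can set their own delegate;
    // passing address(0) clears it.
    function setVoteDelegate(address delegate) external {
        voteDelegate[msg.sender] = delegate;
        emit VoteDelegateSet(msg.sender, delegate);
    }

    // Hardened form: the caller must be the voter or the voter's delegate.
    // msg.sender is never address(0), so an unset delegate authorizes no one.
    function recordVote(address voter, uint256 proposalId) external {
        if (msg.sender != voter && msg.sender != voteDelegate[voter]) {
            revert NotAuthorized(msg.sender, voter);
        }
        if (hasVoted[voter][proposalId]) revert AlreadyVoted(voter, proposalId);
        hasVoted[voter][proposalId] = true;
        emit VoteRecorded(voter, proposalId, msg.sender);
    }
}
```

Emitting the caller alongside the voter lets off-chain monitoring flag any recorded vote where the two differ and no delegate was set.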