search

code-423n4 / 2023-11-zetachain-findings

0 stars 0 forks source link

Incorrect Ballot result if BallotThreshold is less than 0.5 #494

Closed c4-bot-7 closed 11 months ago

c4-bot-7 commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-11-zetachain/blob/b237708ed5e86f12c4bddabddfd42f001e81941a/repos/node/x/observer/types/ballot.go#L37-L65

Vulnerability details

Impact

When the BallotThreshold is set to less than 0.5, there is an issue with the calculation of the ballot result. In such case, the ballot will be considered successful or failed depending on the order of messages. Specifically, in line 52-63, the execution checks only whether the number of votes for one type (success or failure) exceeds the BallotThreshold whiteout taking care of the result.

Consequently, when the BallotThreshold is less than 0.5, the ballot result will be influenced only by the sequence of votes. For example, if the BallotThreshold is set to 0.4 and failure votes are cast before the success ones, the ballot result will be failed even if the overall result is 41% failure and 59% success.

Tools Used

Manual review

Recommended Mitigation Steps

The BallotThreshold should be enforced to be major than 0.5 or the calculation of the Ballot result should be reworked to take into account all the votes.

Assessed type

Other

DadeKuma commented 11 months ago

Seems intended design

c4-pre-sort commented 11 months ago

DadeKuma marked the issue as insufficient quality report

c4-pre-sort commented 11 months ago

DadeKuma marked the issue as primary issue

c4-judge commented 11 months ago

0xean marked the issue as unsatisfactory: Insufficient proof