Upgraded Q -> 2 from #863 [1706966531278]

[c4-judge]

Judge has assessed an item in Issue #863 as 2 risk. The relevant finding follows:

[L-05]The vote is ineffective. Votes can still be cast after the completionTimestamp.

https://github.com/code-423n4/2024-01-salty/blob/main/src/launch/BootstrapBallot.sol#L48

// Cast a YES or NO vote to start up the exchange, distribute SALT and establish initial geo restrictions. // Votes cannot be changed once they are cast. // Requires a valid signature to signify that the msg.sender is authorized to vote (being whitelisted and the retweeting exchange launch posting - checked offchain) function vote( bool voteStartExchangeYes, bytes calldata signature ) external nonReentrant { require( ! hasVoted[msg.sender], "User already voted" );

    // Verify the signature to confirm the user is authorized to vote
    bytes32 messageHash = keccak256(abi.encodePacked(block.chainid, msg.sender));
    require(SigningTools._verifySignature(messageHash, signature), "Incorrect BootstrapBallot.vote signatory" );

    if ( voteStartExchangeYes )
        startExchangeYes++;
    else
        startExchangeNo++;

    hasVoted[msg.sender] = true;

    // As the whitelisted user has retweeted the launch message and voted, they are authorized to the receive the airdrop.
    airdrop.authorizeWallet(msg.sender);
    }

finalizeBallot allows anyone to call. And finalizeBallot can be called immediately once completionTimestamp is reached. Users can observe the voting process and immediately front-run favorable outcomes for themselves once the completionTimestamp is reached. Votes cast by users after this point will be ineffective. This could impact credibility.

[c4-judge]

Picodes marked the issue as duplicate of #1047

[c4-judge]

Picodes marked the issue as duplicate of #37

[c4-judge]

This auto-generated issue was withdrawn by Picodes