// Cast a YES or NO vote to start up the exchange, distribute SALT and establish initial geo restrictions.
// Votes cannot be changed once they are cast.
// Requires a valid signature to signify that the msg.sender is authorized to vote (being whitelisted and the retweeting exchange launch posting - checked offchain)
function vote( bool voteStartExchangeYes, bytes calldata signature ) external nonReentrant
{
require( ! hasVoted[msg.sender], "User already voted" );
// Verify the signature to confirm the user is authorized to vote
bytes32 messageHash = keccak256(abi.encodePacked(block.chainid, msg.sender));
require(SigningTools._verifySignature(messageHash, signature), "Incorrect BootstrapBallot.vote signatory" );
if ( voteStartExchangeYes )
startExchangeYes++;
else
startExchangeNo++;
hasVoted[msg.sender] = true;
// As the whitelisted user has retweeted the launch message and voted, they are authorized to the receive the airdrop.
airdrop.authorizeWallet(msg.sender);
}
finalizeBallot allows anyone to call. And finalizeBallot can be called immediately once completionTimestamp is reached. Users can observe the voting process and immediately front-run favorable outcomes for themselves once the completionTimestamp is reached. Votes cast by users after this point will be ineffective. This could impact credibility.
Judge has assessed an item in Issue #863 as 2 risk. The relevant finding follows:
[L-05]The vote is ineffective. Votes can still be cast after the completionTimestamp.
https://github.com/code-423n4/2024-01-salty/blob/main/src/launch/BootstrapBallot.sol#L48
// Cast a YES or NO vote to start up the exchange, distribute SALT and establish initial geo restrictions. // Votes cannot be changed once they are cast. // Requires a valid signature to signify that the msg.sender is authorized to vote (being whitelisted and the retweeting exchange launch posting - checked offchain) function vote( bool voteStartExchangeYes, bytes calldata signature ) external nonReentrant { require( ! hasVoted[msg.sender], "User already voted" );
finalizeBallot allows anyone to call. And finalizeBallot can be called immediately once completionTimestamp is reached. Users can observe the voting process and immediately front-run favorable outcomes for themselves once the completionTimestamp is reached. Votes cast by users after this point will be ineffective. This could impact credibility.