Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[L-03] Implicit double-voting prevention in DAO voting system #53

Open
softstackio opened this issue Dec 10, 2024 · 0 comments · May be fixed by #68
Open

[L-03] Implicit double-voting prevention in DAO voting system #53

softstackio opened this issue Dec 10, 2024 · 0 comments · May be fixed by #68
Assignees
@MSalman6

Comments

@softstackio
Copy link

Severity: Low
Likelihood: Medium

Description:

The DiamondDao contract implements a voting system for proposals using an EnumerableSet to track voters and a mapping to store vote records. While the current implementation implicitly prevents double-voting by overwriting previous votes, it lacks
explicit checks and clear feedback mechanisms to handle attempted double-voting scenarios.

Recommendation:

  1. Implement an explicit check for existing votes:
function _submitVote(address voter, uint256 proposalId, Vote _vote, string memory reason) private {
    _requireState(proposalId, ProposalState.Active);
    require(!_proposalVoters[proposalId].contains(voter), "Already
voted");
    require(_proposalVoters[proposalId].add(voter), "Failed to record
voter");
    votes[proposalId][voter] = VoteRecord({
        timestamp: uint64(block.timestamp),
        vote: _vote,
        reason: reason
    });
}
  1. Consider adding a separate function for vote changes if that's an intended feature:
function changeVote(uint256 proposalId, Vote newVote) external {
    require(_proposalVoters[proposalId].contains(msg.sender), "No
previous vote found");
    // Update vote logic here
}
@softstackio softstackio changed the title [L-04] Implicit double-voting prevention in DAO voting system [L-03] Implicit double-voting prevention in DAO voting system Dec 10, 2024
MSalman6 added a commit to MSalman6/diamond-contracts-dao that referenced this issue Jan 24, 2025
@MSalman6
Fix DMDcoin#53: Implicit double-voting prevention and separate change…
118b942 
…Vote functionality
MSalman6 added a commit to MSalman6/diamond-contracts-dao that referenced this issue Jan 24, 2025
@MSalman6
Fix DMDcoin#53: Implicit double-voting prevention and separate change…
164eb47 
…Vote functionality
@MSalman6 MSalman6 linked a pull request Jan 27, 2025 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MSalman6 MSalman6

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Audit Fixes MSalman6/diamond-contracts-dao
2 participants
@MSalman6 @softstackio