[BUG] PoP Tokens are always valid on be1-go

Question

[BUG] PoP Tokens are always valid on be1-go

arnauds5 opened this issue 6 months ago · 0 comments

Description (Actual behavior)

The Go backend does not verify that a PoP Token was from the latest rollcall but checked against all PoP tokens ever.
It is possible to vote using PoP tokens from an older rollcall on the Go backend.

Expected behavior

Reject any vote if the PoP Token is not from the latest roll call (already done in Scala)

How to reproduce

Participate in a rollcall_1 with token_1
Don't participate in the next rollcall_2
Vote on an election (with the token_1)
The vote will be counted

Version & Environment

This bug was reproduced on:

Commit: 8f30905

Front-ends:

Fe1-Web (please include browser's names & version)
Fe2-Android (please specify if phone or emulation, and Android version)
Not applicable

Back-ends:

Be1-Go
Be2-Scala
Not applicable

Workaround

The Scala backend already checks that only PoP tokens from the latest roll call are valid.

Impact

It's possible to vote to an election without participating in the latest rollcall.
With a modified frontend, it can be possible to accumulate PoP tokens from multiple consecutive rollcalls and use them all on one election.

Possible root cause

When an election channel is created, the attendees valid keys are copied from the current keys on the Lao channel. Theses keys are only updated by adding each attendee of a rollcall#close. But it is never cleared.
A solution to this problem could be to clear the attendees map of the Lao during a rollcall#close.