Election State Machine
A common pattern for Smart Contracts is the state machine pattern (https://solidity.readthedocs.io/en/develop/common-patterns.html#state-machine). Netvote uses this pattern to protect sensitive election transactions including configuration and voting.
This references key aspects of the Netvote solution, including the Voter Pool, Ballot, and Election smart contracts, Key Revealer, and Vote Gateway. Please see the Netvote whitepaper (https://netvote.io) for more information on those concepts.
Election Phases
An election contract can be in any of the following Election Phases: Building, Voting, Closed, or Aborted. These states enforce the available transactions for configuration and voting.
Building
All election contracts start in the building phase. This is the only state where configuration settings may be adjusted. For multi-tier elections, it is during this phase that the links between pools, ballots, and elections are defined. Once the election contracts are set the way the administrators desires, the administrator may activate the smart contract, which will verify basic settings about the smart contract.
Voting
Once an election contract is activated, it transitions to the Voting state. During this phase, the particular smart contract will accept votes (IF other dependent smart contracts are also activated).
For a multi-tier election, the entire ancestry of a pool must be activated in order to allow voting. This means: the pool, all its ballots, and the top-level election contract must each individually be activated before the pool will process votes. For certain institutions, this would require separate administrators signing off on the readiness of the election. It is also perfectly acceptable for separate pools to be activated at different times. At the end of voting, an authorized address may close the election (and each of the subordinate contracts).
Closed
Once closed, a smart contract will no longer accept votes. Off-chain components will react to the closure of the election in the following ways: The Key Revealer will post the encryption key to the election contract (for tally) and the Gateway will delete its secret used to HMAC the Vote IDs (for anonymity). Once closed, an election is under perpetual review by the public.
Aborted
At any point, an authorized address may choose to abort a smart contract. Once aborted, a smart contract is forever disabled with no return. The intention of this state is to allow an authorized address to invalidate an election in the case of misconfiguration, collusion, or other problem with the vote (whether technical or otherwise).
Locked
All election contracts can also be temporarily locked or unlocked by an authorized address. This temporarily disables phase-specific transactions on an election contract. Lockable contracts is a good practice for smart contract safety. Unlocking has the effect of returning a smart contract to its previous state. If problems are observed during the voting process, it is likely that one may lock the relevant pool(s), investigate, and choose to either unlock or abort those contracts.
Strictly, an election state is multi-coordinate: a contract can be locked/unlocked AND be in a particular election phase. The modifiers take locking into account to protect sensitive transactions.
Solidity Implementation
ElectionPhaseable Contract
The pool, ballot, and election each inherit the ElectionPhaseable contract. This contract manages the state transitions. Modifiers: building(), voting()are available for tagging transactions that require those state. Currently there are no transactions that require the closed or aborted states, but those modifiers can be added.
Lockable Contract
The Lockable contract provides modifiers for evaluating whether a given contract is locked. Note that ElectionPhaseable inherits from Lockable. The Adminable contract is an authorizing contract that authorizes ETH addresses for changing state.
For more information, please see our website at https://netvote.io and solidity repository at https://github.com/netvote/elections-solidity
