
Comments (2)

boamaod commented on August 22, 2024

The protocol is described on the electoral authority's web site; however, the English version doesn't describe the protocol for OCSP/RFC3161 timestamps, which you can find in the Estonian section as part of protocol description 6.1.1-6.1.5. MyID indeed does not retain anything, because it's just a simple timestamp log (timestamp here meaning just an instance of datetime type data), but the certification centre signs the actual OCSP responses and RFC3161 timestamps, also returning requests signed by the collection service containing a hash of the vote ciphertext. So whatever the goal is, you can work with that data and prove various things depending on the goal and the trust assumptions.

from vaatlejad.github.io.

DrShymaa2022 commented on August 22, 2024

So, without getting into the details of how for now, it is really feasible, almost trivial, for an adversary to get the ratios (v/v') for all candidate choices v and a desired vote v'.
- If the above statement is correct, we have the following:

- The 3rd attack in the first paper of the issue can happen like this:
1- find an s for every voter with public key y such that y^s = v'/v (v is how the voter voted, v' is the adversary's choice)
2- send to the verification application (c1,c2) = (g^r, v(y^r)) * (like the voter voted)
3- send to the Vote Collector as if the generated random number is r' = r+s and the vote is v',
i.e., (c1,c2) = (g^(r+s), v' y^(r+s)) *

* v' y^(r+s) = v'(y^r)(y^s) = v'(y^r)(v/v') = (y^r)v ==> the same value of c2 in both cases

The reply here
https://twitter.com/trtram/status/1751231814880882753
pointed out to me that there is a check that c1 = (g^r):
https://github.com/valimised/ivotingverification/blob/published/app/src/main/java/ee/vvk/ivotingverification/util/ElGamalPub.java#L77-L83
Well, if c1 is taken from the vote collector, the problem is solved and the attack will be detected (a different c1 is sent to each application), but if c1 (line 80 in the code) comes from the voting application, then the problem still persists
and could have been done

- According to the paper
https://www.researchgate.net/publication/372570425_Individual_Verifiability_and_Revoting_in_the_Estonian_Internet_Voting_System/comments
a malicious voting application can fake a malfunction and then a restart, to send to the verification application the data of the voter's second attempt while using the first attempt's random to create a fake vote as the final one
(I think this can only be detected by double checking through other available services)

- I also suggest you do some sample audits without any governmental effort and see if there's a counterexample of contradiction or not
(ask volunteers, possibly from your supporters, to compare the results from the MYID service to their QR code, to what they know they've done, or to what is on the voting server if possible).
There is more on different audits in the Twitter thread.
P.S.
Make sure to include in the sample some who did not vote through the internet at all, and check that no one voted in their place.

from vaatlejad.github.io.
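An added example (not part of the comments above and not the ivotingverification code) showing why the source of c1 matters for the c1 = g^r check: toy ElGamal with constructed parameters, where the second value v_alt is derived from a chosen s so that y^s = v/v_alt and both ciphertexts share c2. The function names, group parameters and the `verify` routine are assumptions made for illustration.

```python
# Toy ElGamal in a small prime-order subgroup. All values are constructed for
# illustration; real deployments use cryptographically large groups.
P, Q, G = 2039, 1019, 4   # P = 2Q + 1, G generates the order-Q subgroup

def encrypt(y, v, r):
    """ElGamal ciphertext (c1, c2) = (g^r, v * y^r)."""
    return pow(G, r, P), v * pow(y, r, P) % P

def verify(y, c1, c2, r, candidates):
    """Hypothetical verifier: check c1 == g^r, then unblind c2 with y^r."""
    if c1 != pow(G, r, P):
        return None                       # randomness does not match c1
    v = c2 * pow(y, -r, P) % P            # modular inverse needs Python 3.8+
    return v if v in candidates else None

def scenario():
    y = pow(G, 777, P)                    # election public key (constructed)
    v = pow(G, 5, P)                      # choice the voter made
    r, s = 321, 123                       # constructed randomness and offset
    v_alt = v * pow(y, -s, P) % P         # chosen so that y^s = v / v_alt
    shown = encrypt(y, v, r)              # ciphertext matching the QR-code r
    stored = encrypt(y, v_alt, r + s)     # ciphertext held by the collector
    cands = {v, v_alt}
    return {
        "c2_equal": shown[1] == stored[1],
        "c1_equal": shown[0] == stored[0],
        # c1 supplied by the voting application: the check passes and shows v
        "c1_from_app": verify(y, shown[0], stored[1], r, cands) == v,
        # c1 fetched from the vote collector: the mismatch is detected
        "c1_from_collector": verify(y, stored[0], stored[1], r, cands),
        # what the stored ciphertext really encrypts
        "stored_is_v_alt": verify(y, *stored, r + s, cands) == v_alt,
    }

if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```

The check only binds the displayed vote to the stored one when both c1 and c2 are obtained from the vote collector rather than from the device being verified.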
