-
Votes are visible during the election. That opens doors to a few attacks. Solution: encrypt the vote declarations and only decrypt after the election is over.
-
Selling votes is not only possible but easy. There is no solution to this I can think of.
-
The receipt must be shown before sending it to the server, otherwise the user might vote without having his receipt.