You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
However when the last vote is calculated, the price should be 1*base_price/(1 + oppositeTrust_votes)
this is not the case because of a calculation order error, thus price ends up being 0.
The root cause is that the initial _calcVotePrice is not taken into account for fundsReceived .
The market.votes for the TRUST or DISTRUST value is subtracted, which would make the formula for price 0, only then the fundsReceived is updated.
The order of calculations completely neglect the initial price of the vote.
Thus the seller receives 0 amount when its the last vote is sold.
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
No response
PoC
No response
Mitigation
uint256 votePrice = _calcVotePrice(market, isPositive);
uint256 maxPrice = votePrice;
uint256 minPrice;
while (votesSold < amount) {
+ fundsReceived += votePrice;
if (market.votes[isPositive ? TRUST : DISTRUST] <= 1) {
revert InsufficientVotesToSell(profileId);
}
market.votes[isPositive ? TRUST : DISTRUST] -= 1;
votePrice = _calcVotePrice(market, isPositive);
- fundsReceived += votePrice;
votesSold++;
//@audit the first votePrice isn't taken into account, so when market.votes[isPosivitive ? TRUST : DISTRUST] is zero (last vote)
// thhe vote price will be zero.
}
The text was updated successfully, but these errors were encountered:
Damp Shamrock Viper
Medium
selling amount of the last vote will always be zero
Summary
The
_calcVotePricecalculates price for a vote by the formula(market.votes[isPositive ? TRUST : DISTRUST] * market.basePrice) / totalVoteshttps://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L922
However when the last vote is calculated, the price should be 1*base_price/(1 + oppositeTrust_votes)
this is not the case because of a calculation order error, thus price ends up being 0.
Root Cause
https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L1026-L1038
The root cause is that the initial
_calcVotePriceis not taken into account forfundsReceived.The market.votes for the TRUST or DISTRUST value is subtracted, which would make the formula for price 0, only then the
fundsReceivedis updated.The order of calculations completely neglect the initial price of the vote.
Thus the seller receives 0 amount when its the last vote is sold.
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
No response
PoC
No response
Mitigation
uint256 votePrice = _calcVotePrice(market, isPositive); uint256 maxPrice = votePrice; uint256 minPrice; while (votesSold < amount) { + fundsReceived += votePrice; if (market.votes[isPositive ? TRUST : DISTRUST] <= 1) { revert InsufficientVotesToSell(profileId); } market.votes[isPositive ? TRUST : DISTRUST] -= 1; votePrice = _calcVotePrice(market, isPositive); - fundsReceived += votePrice; votesSold++; //@audit the first votePrice isn't taken into account, so when market.votes[isPosivitive ? TRUST : DISTRUST] is zero (last vote) // thhe vote price will be zero. }The text was updated successfully, but these errors were encountered: