Shambolic Cotton Pangolin
High
The buyVotes function will charge fee based on the msg.value instead of the amount used for purchasing the vote. As a result it will always overcharge users.
buyVotes function we see that the msg.value is passed in _calculateBuy:
https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L459
After that he we can see that the protocol fee is taken proportionally from the amount here:
https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L1146
However this amount will be the msg.value, which will always have an unused prortion.
As a result the fee will also be applied to the unused amount.
N/A
N/A
Consider the following scenario(protocolFee=donationFee=5%; 10% in total):
- A user supplies 1e18 eth as msg.value in the transaction.
- The vote cost is 0.5e18 eth. And the user will tolerate slippage as long as they receive one vote.
- With the current implementation the fee will be 0.1e18(10% of 1e18)
- The user will be able to buy only one vote and will be refunded: 1e18-0.5e18(vote cost)-0.1e18(for the fees) = 0.4e18 =>total spent will be 0.6e18 However in this case the fee was taken from the msg.value Now lets see what would have happened if the user supplied the exact amount - 0.6e18 with the same vote cost
- The fee will be 10% of 0.6e18 = 0.06e18
- the vote cost will be the same for the example - 0.5e18 Now however the user will be refunded 0.6e18 - 0.06e18(total fees)-0.5e18(vote cost) = 0.04e18 refund amount => totalSpent = 0.56e18. We can see that if the user supplies more msg.value for the same amount of votes they will be charged more fee
The buyVotes function will always overcharge fees - High
N/A
The fee should be calculated based on the amount used for buying the votes, not the amount provided.