Kind White Buffalo
Medium
When votes are sold, marketFunds is not decreased by the protocol fee, taken out of the total votes price, causing the marketFunds for that market to be higher than they actually are.
In sellVotes:522 marketFunds is decreased by fundsReceived. This is an issue as fundsReceived does not include the protocol fees, deducted from the total cost of the votes: https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/57c02df7c56f0b18c681a89ebccc28c86c72d8d8/ethos/packages/contracts/contracts/ReputationMarket.sol#L1041.
Therefore, marketFunds will be higher than the actual funds of the market. This is problematic as when the market is graduated and its funds are withdrawn through withdrawGraduatedMarketFunds more ETH will be withdrawn than available. This will either cause the withdrawal to revert, or the additional assets to be taken out of the funds of other markets.
No response
No response
Here is a simple example:
- A market has 10 ETH of funds
- User sells 1 ETH of votes and has to pay 0.1 ETH in fees
- Only 0.9ETH is deducted from
marketFunds, due to the issue, so the market will have amarketFundsof 9.1 ETH, even though there are only 9 ETH - Now when the market is graduated and withdrawn, the withdrawal will revert, due to a lack of funds
Withdrawing a graduated market will either revert, or assets will be taken out of the funds of other markets.
No response
Update sellVotes to include the protocol fees:
marketFunds[profileId] -= fundsReceived + protocolFee; //@audit UPDATE