User will sell votes at an undesirable price

Summary

The missing slippage protection in ReputationMarket.sellVotes() will impact users. Malicious user can sandwich and profit for them, basically stealing from honest users.

Root Cause

In sellVotes() there is a missing slippage protection.

Internal pre-conditions

To attack become profitable fees must be lower than revenue from sandwiching.

External pre-conditions

No response

Attack Path

User1 submits sellVotes() expecting to receive for example 1 ETH.
User2 executes sellVotes(), so after sell price becomes lower.
User1 tx is executed, he receive lower than 1 ETH. Additionally makes price even lower
User2 buys back his votes at the lowered price.

User2 will profit as soon as price impact is higher than fees payed.

Impact

Users always suffer loss on sell operations. Especially when price impact of sell is high.

PoC

No response

Mitigation

Add slippage protection.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

063.md

063.md

User will sell votes at an undesirable price

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation

Files

063.md

Latest commit

History

063.md

File metadata and controls

User will sell votes at an undesirable price

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation