Cheesy Cinnabar Mammoth
Medium
Ethos utilizes slippage protection on buyVotes(); however, this protection is not offered on sellVotes(), which leaves users vulnerable to market manipulation.
Lack of slippage protection for sellVotes()
https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L495-L498
- The attacker must already hold either TRUST or DISTRUST votes in the market they plan on manipulating. The attack is more likely to be performed in markets the attacker wants to hold certain votes in.
- An attacker has some indication that a user will call sellVotes() on a market the attacker belongs to.
- Let's say there are 500 TRUST votes and 250 DISTRUST votes
- A user wants to sell 100 TRUST votes, so they call sellVotes(), passing in 100 as a parameter. The first vote should sell for 500 * .01e18 / 750 = 0.0066e18, and the price should then decrease linearly from there.
- An attacker owns 100 TRUST votes so they sell their votes first
- Now the first vote should sell for 400 * .01e18 / 650 = 0.0061e18
- The attacker then rebuys their 100 TRUST votes.
- The user loses the difference in price on every vote they sell
Loss of funds for vote sellers
No response
Add slippage protection to sellVotes()
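
A sketch of the recommended check, added here as an example and not taken from the Ethos contracts: it models the price formula used in the attack path above (side votes * 0.01e18 / total votes) with integer arithmetic and rejects a sale whose proceeds fall below a caller-supplied minimum. The names `quote_sell`, `sell_votes` and `min_proceeds`, and the choice to price each vote before it is removed, are assumptions.

```python
BASE_PRICE = 10**16  # 0.01e18 wei, the base price in the report's arithmetic


class SlippageExceeded(Exception):
    """Stands in for the revert a Solidity implementation would raise."""


def vote_price(side_votes: int, total_votes: int) -> int:
    # Price model from the report: side votes * basePrice / total votes.
    return side_votes * BASE_PRICE // total_votes


def quote_sell(trust: int, distrust: int, amount: int) -> int:
    """Proceeds in wei for selling `amount` TRUST votes, one vote at a time."""
    proceeds = 0
    for _ in range(amount):
        # Assumption: each vote is priced before it is removed from the market.
        proceeds += vote_price(trust, trust + distrust)
        trust -= 1
    return proceeds


def sell_votes(market: dict, amount: int, min_proceeds: int) -> int:
    """Sell TRUST votes, refusing the trade if it pays less than min_proceeds.

    `min_proceeds` is a hypothetical parameter; the seller derives it from an
    off-chain quote minus the slippage they are willing to accept.
    """
    if amount > market["trust"]:
        raise ValueError("not enough votes in the market")
    proceeds = quote_sell(market["trust"], market["distrust"], amount)
    if proceeds < min_proceeds:
        raise SlippageExceeded(f"{proceeds} wei < minimum {min_proceeds} wei")
    market["trust"] -= amount  # state changes only after the check passes
    return proceeds


if __name__ == "__main__":
    # Constructed market states matching the report: 500/250, then 400/250.
    quoted = quote_sell(500, 250, 100)
    floor = quoted * 99 // 100  # seller tolerates 1% slippage
    print("quoted at 500/250:", quoted, "floor:", floor)
    print("actual at 400/250:", quote_sell(400, 250, 100))
    try:
        sell_votes({"trust": 400, "distrust": 250}, 100, floor)
    except SlippageExceeded as exc:
        print("sale rejected:", exc)
```
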