Cheesy Cinnabar Mammoth
Medium
When a vote seller sells their votes, the amount the seller receives is calculated in _calculateSell by calling calcVotePrice. The problem is that calcVotePrice is called after market.votes[] is updated, returning a price that's lower than what the user should actually receive for that vote.
market.vote[] is updated before _calcVotePrice() is called.
- A vote holder needs to call sellVotes() to sell their votes
n/a
- Say there are 100 TRUST votes and 100 DISTRUST votes in a market
- A vote seller wants to sell 1 TRUST vote
- The price the vote seller receives for the vote should be the vote price (100 * basePrice / 200) minus the protocol fee
- But instead, the vote seller will receive their vote for (99 * basePrice / 199) minus the protocol fee because markets.vote[] is updated before the vote price is calculated instead of after.
Loss of funds for vote sellers because they never receive the full price per vote that they should actually receive.
No response
Update the code in the while loop in _calculateSell to:
while (votesSold < amount) {
if (market.votes[isPositive ? TRUST : DISTRUST] <= 1) {
revert InsufficientVotesToSell(profileId);
}
- market.votes[isPositive ? TRUST : DISTRUST] -= 1;
- votePrice = _calcVotePrice(market, isPositive);
+ votePrice = _calcVotePrice(market, isPositive);
+ market.votes[isPositive ? TRUST : DISTRUST] -= 1;
fundsReceived += votePrice;
votesSold++;
}