Cheesy Cinnabar Mammoth
Medium
ReputationMarket::updateDonationRecipient can inadvertently transfer all donations from multiple markets if the same recipient is used across them. This occurs because the donationEscrow mapping tracks balances by recipient address only, not by market.
Donations aren't accounted for by profileId: https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L125-L127
- One address is the donation recipient for 2 or more markets
- Donations for 2 or more markets have been received by the one address
- The donation recipient calls updateDonationRecipient for one of the markets
n/a
- Let's say Alice is the donation recipient for Market A and Market B
- Both markets generate donations, so donationEscrow[alice] contains funds from both markets
- Alice calls updateDonationRecipient for Market A to transfer to Bob
- The function will transfer ALL of Alice's donation escrow to Bob, including the funds from Market B even though Alice is still the donation recipient for that market.
Loss of funds for the donation recipient.
No response
Donations should be tracked per market and recipient to ensure transfers only affect the intended market's funds.