Icy Cyan Terrier - Sandwich attack to ReputationMarket.sol::sellVotes() causes user sellVotes to lower price than expected

[sherlock-admin2]

Icy Cyan Terrier

Medium

Sandwich attack to ReputationMarket.sol::sellVotes() causes user sellVotes to lower price than expected

Summary

The missing of slipage tolerence check in ethos/packages/contracts/contracts/ReputationMarket.sol::sellVotes will cause user votes selling transaction been sandwich as an attacker fruntrun and backrun their transactions

Root Cause

In ReputationMarket.sol#L495-L534 sellVotes function does not implement any slipage tolerence check
https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L495-L534

Internal pre-conditions

1. Attacker place an sellVotes transaction before the victime causing the selling price to go down
2. The victime sell his votes to a lower price than expected
3. The atacter then buy back the his votes

External pre-conditions

No response

Attack Path

No response

Impact

Users sell vote to lower price than expected

No response

PoC

No response

Mitigation

Implement the _checkSlippageLimit() to the sellVotes() function too like it was done to the buyVotes() function to allow user to be able to set they slipage tolerence
https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L461