Immense Vinyl Flamingo - Profile Unable to buy Votes in ReputationMarket due to wrong basePrice is set when initializing marketConfigs

[sherlock-admin2]

Immense Vinyl Flamingo

Medium

Profile Unable to buy Votes in ReputationMarket due to wrong basePrice is set when initializing marketConfigs

Summary

marketConfigs.push() in initialize() is set to DEFAULT_PRICE instead of MINIMUM_BASE_PRICE

Root Cause

In ReputationMarket.sol:223-255 3 MarketConfigs (Default, Premium & Deluxe) are initialized with a basePrice of DEFAULT_PRICE (0.01ETH) instead of MINIMUM_BASE_PRICE (0.001ETH)

Internal pre-conditions

1. ReputationMarket is initialized with three marketConfigs with wrong basePrice

External pre-conditions

No external pre-conditions

Attack Path

1. ReputationMarket is initialized with three marketConfigs with wrong basePrice
2. Profile calls createMarketWithProfileId() and a marketConfigIndex.
3. A market is created with wrong basePrice parameter

Impact

A profile gets less votes or no votes at all when calling buyVotes() on a ReputationMarket due to wrong basePrice.

PoC

No response

Mitigation

Either reinitialize ReputationMarket implementation with the correct minimm basePrice set, or call addMarketConfig() to create new marketConfigs with the correct value