Urban Obsidian Jay
High
In L1057, the rounding mode is not optimal. https://github.com/sherlock-audit/2024-12-ethos-update/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L1057
In the _calcCost() function, the cost is rounded down for TRUST and rounded up for DISTRUST.
If there are more calls to buyVotes() than sellVotes() for TRUST, or fewer calls buyVotes() than sellVotes() for DISTRUST, the initial liquidity is decreased.
N/A
N/A
- Buy one
TRUSTvote n times and then sell all these votes at once. - Buy n
DISTRUSTvotes at once and then sell these one by one n times. At this point themarketFundsis decreased by approximatelyn-1. The expected value of a random number in the range [0,1) is 0.5. Thus, the decreased value can be approximated as:0.5 * (TRUST_buytimes - TRUST_selltimes) - 0.5 * (DISTRUST_buytimes - DISTRUST_selltimes) = (n-1). This is not an exact value, but n could be larger as neccesary. Thus the initial Liquidity could be consumed.
In Summary:
The contract must never pay out the initial liquidity deposited as part of trading. The only way to access those funds is to graduate the market.
However, the initial liquidity could be consumed.
function _calcCost(
...
) private pure returns (uint256 cost) {
...
cost = positiveCostRatio.mulDiv(
market.basePrice,
1e18,
1057 isPositive ? Math.Rounding.Floor : Math.Rounding.Ceil
);
}
TheConsider adjusting the rounding mode in the calculation of cost separately when buying and selling to avoid unintended consumption of the initial liquidity.