Skip to content

Latest commit

 

History

History
31 lines (26 loc) · 1.4 KB

022.md

File metadata and controls

31 lines (26 loc) · 1.4 KB

Fun Tiger Horse

Medium

Slippage in sellVotes() should be calculated based on proceedsAfterFees instead of proceedsBeforeFees

Description

The slippage in sellVotes() is calculated based on proceedsBeforeFees:

 @-->   uint256 pricePerVote = votesToSell > 0 ? proceedsBeforeFees / votesToSell : 0;
             if (pricePerVote < minimumVotePrice) {
                 revert SellSlippageLimitExceeded(minimumVotePrice, pricePerVote);
             }

The seller is going to ultimately receive proceedsAfterFees and hence would base his expectations on that. Here's a simple example:

  1. proceedsBeforeFees is 6 ether
  2. protocolFee is 2 ether
  3. proceedsAfterFees = 6 - 2 = 4 ether
  4. Seller sold 1 vote and specified minimumVotePrice as 5 ether, which he expects to receive in his account
  5. Protocol compared : Is 6 < 5? No; so it's safe to continue.
  6. Seller gets 4 ether in his account even though he had specified minimumVotePrice as 5 ether.

Mitigation

-   uint256 pricePerVote = votesToSell > 0 ? proceedsBeforeFees / votesToSell : 0;
+   uint256 pricePerVote = votesToSell > 0 ? proceedsAfterFees/ votesToSell : 0;
    if (pricePerVote < minimumVotePrice) {
      revert SellSlippageLimitExceeded(minimumVotePrice, pricePerVote);
    }