Decent Currant Halibut
Medium
ReputationMarket::buyVotes() Race Condition/Front-Running chances Between Cost Calculation and Purchase Execution
In the ReputationMarket contract, the buyVotes function is susceptible to a race condition where the market state might change between the time the cost of votes is calculated and when the state is actually updated with the purchase. This vulnerability can lead to discrepancies between the intended purchase and the actual outcome due to intervening transactions altering the market dynamics.
function buyVotes(
uint256 profileId,
bool isPositive,
uint256 maxVotesToBuy,
uint256 minVotesToBuy
) public payable whenNotPaused activeMarket(profileId) nonReentrant {
// ... (code not shown)
// Cost calculation happens here
while (totalCostIncludingFees > msg.value) {
currentVotesToBuy--;
(purchaseCostBeforeFees, protocolFee, donation, totalCostIncludingFees) = _calculateBuy(
markets[profileId],
isPositive,
currentVotesToBuy
);
}
// ... (state update happens later)
markets[profileId].votes[isPositive ? TRUST : DISTRUST] += currentVotesToBuy;
// ... (code not shown)
} No response
No response
No response
Front-Running: An attacker could observe a pending buyVotes transaction in the mempool and strategically submit their own transaction to manipulate the market price, potentially buying votes at a lower price or selling at a higher price than anticipated by the original buyer. Unpredictable Outcomes: Buyers might end up with more or fewer votes than calculated, leading to either overpayment or unexpected market influence.
Market Instability: Frequent exploitation of this vulnerability can lead to increased market volatility, undermining the market's reliability and potentially enabling manipulation.
No response
Atomic Operations: Try to perform cost calculation and state update in as close to a single atomic operation as possible.