Scruffy Concrete Swift
Medium
The absence of a graduation check in the buyVotes function will cause financial manipulation and potential token distribution discrepancies for Ethos, as a malicious actor will purchase votes in graduated markets, inflating or deflating vote prices post-graduation.
- In ReputationMarket.sol:443: absence of graduated market check in 'buyVotes'
https://github.com/sherlock-audit/2024-12-ethos-update/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L440C2-L499C6
1. The contract owner sets graduatedMarkets[profileId] to true to mark the market as graduated.
2. A malicious user needs to call the buyVotes function in ReputationMarket.sol with a profileId that has already been graduated.
3. The contract needs to allow the purchase of votes without verifying the market's graduated status, as there is no check for graduated markets in the buyVotes function.
External Pre-conditions
- No external protocols need to change for this vulnerability to occur, as it solely depends on the contract's internal logic.
- The attacker needs to have enough ETH to fund the vote purchase transaction, but no specific conditions on external protocols are required for the exploit to be possible.
Attack Path
- A malicious user identifies a graduated market by checking the graduatedMarkets status for a specific profileId.
- The malicious user calls the buyVotes function in ReputationMarket.sol, passing in the profileId of the graduated market.
- Since there is no check for graduated markets in the buyVotes function, the transaction proceeds, and the malicious user is able to purchase votes.
- The user inflates or deflates the vote prices by purchasing votes in the graduated market, manipulating the market dynamics.
The inflation/deflation can cause discrepancies in the protocol.
- Implement a check in the buyVotes function to verify that the market is not graduated before allowing votes to be purchased. This can be done by adding a condition like `if (graduatedMarkets[profileId]) revert MarketAlreadyGraduated();` at the beginning of the function.
- Enhance the graduateMarket function to lock the market completely after graduation, preventing any further transactions or interactions with the market.
- Introduce a more robust mechanism for locking the market state, ensuring that once the market is graduated, no further actions can be taken that could affect vote prices or the funds in the market.
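
The recommendations above can be combined into one guard that every trading entry point shares. The following is an added example, not the Ethos contract: the contract name, the simplified signatures, the flat PRICE, the sellVotes path and all errors other than MarketAlreadyGraduated are assumptions made for illustration, and fund withdrawal after graduation is not modeled.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the Ethos ReputationMarket code. Signatures are
// simplified and the flat PRICE replaces the real pricing (assumptions).
contract GraduationGuardExample {
    error MarketAlreadyGraduated();
    error NotOwner();
    error WrongPayment();
    error InsufficientVotes();
    error TransferFailed();

    uint256 public constant PRICE = 0.01 ether; // hypothetical flat price per vote
    address public immutable owner;
    mapping(uint256 => bool) public graduatedMarkets;
    mapping(uint256 => mapping(address => uint256)) public votesOwned;

    constructor() {
        owner = msg.sender;
    }

    // One guard shared by every entry point that can move votes or funds.
    modifier whenNotGraduated(uint256 profileId) {
        if (graduatedMarkets[profileId]) revert MarketAlreadyGraduated();
        _;
    }

    // The flag is one-way: a graduated market cannot be graduated again.
    function graduateMarket(uint256 profileId) external whenNotGraduated(profileId) {
        if (msg.sender != owner) revert NotOwner();
        graduatedMarkets[profileId] = true;
    }

    // Reverts before any vote or ETH accounting when the market is graduated.
    function buyVotes(uint256 profileId, uint256 amount) external payable whenNotGraduated(profileId) {
        if (msg.value != amount * PRICE) revert WrongPayment();
        votesOwned[profileId][msg.sender] += amount;
    }

    // Hypothetical sell path, locked by the same guard.
    function sellVotes(uint256 profileId, uint256 amount) external whenNotGraduated(profileId) {
        if (votesOwned[profileId][msg.sender] < amount) revert InsufficientVotes();
        votesOwned[profileId][msg.sender] -= amount; // effects before the transfer
        (bool ok, ) = msg.sender.call{value: amount * PRICE}("");
        if (!ok) revert TransferFailed();
    }
}
```

Placing the check in a modifier rather than inline means a new state-changing function added later only needs the modifier in its signature to inherit the lock, which is easier to audit than scattered if statements.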