Blunt Ebony Copperhead - Precision loss while calculating pricePerVote in ReputationMarket::sellVotes

[sherlock-admin3]

Blunt Ebony Copperhead

Medium

Precision loss while calculating pricePerVote in ReputationMarket::sellVotes

Summary

The sellVotes function in the ReputationMarket contract calculates the price per vote by dividing proceedsBeforeFees by votesToSell. This calculation may lead to precision loss due to integer division in Solidity, potentially resulting in unexpected behavior or failed transactions when the calculated price does not meet the minimumVotePrice requirement.

Root Cause

Solidity uses integer arithmetic, truncating any fractional part during division. As a result, proceedsBeforeFees / votesToSell may not accurately represent the true price per vote. The issue lies in the sellVotes function, line where pricePerVote is calculated.
https://github.com/sherlock-audit/2024-12-ethos-update/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L553

Internal Pre-conditions

No response

External Pre-conditions

No response

Attack Path

1. User calls the sellVotes function.

Impact

• Rejection of valid transactions where the actual price per vote should meet the minimumVotePrice.
• Potential underestimation of the per-vote price in edge cases.

PoC

No response

Mitigation

Introduce a scaling factor (e.g., 10**18) to preserve precision during division.