You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
price can reach zero in imbalanced markets, can cause issues
Summary
Due to precision loss and how LMSR works, if the difference between the amount of outstanding shares is big enough, one of the share prices can hit zero. If a price hits zero within markets that use LMSR, under normal conditions this would mean that no shares would be sold, creating a deadlock. However ReputationMarket will keep giving free shares to users without any fees. Although there is no total value loss, because shares can be bought for free and the price can later increase due to market activity, this creates a potential profit with no downside. Also buying these shares will cost no fees.
Outstanding shares of one of the votes is much greater than the other such that one of the shares is priced at zero
External Pre-conditions
No response
Attack Path
User buys shares that are priced at zero
If the other shares are sold or more shares that were priced at zero are bought, user can sell these shares that were bought for free
Impact
Users are able to trade risk free, also without paying fees.
PoC
Note that this test will fail because gas costs are not taken into consideration, but on the output you can see only the gas costs were paid.
it('should let user buy shares for free',async()=>{constbillionEth=ethers.parseEther('1000000000');constmaxVotes=133000n-1n;// Buy many distrust votes to push trust price downawaituserA.buyVotes({votesToBuy: maxVotes,buyAmount: billionEth,isPositive: false,});constbalanceBefore=awaitethers.provider.getBalance(userA.signer.address);consttrustPrice=awaitreputationMarket.getVotePrice(DEFAULT.profileId,true);expect(Number(trustPrice)).to.equal(0);awaituserA.buyVotes({votesToBuy: 80000n,isPositive: true,});constbalanceAfter=awaitethers.provider.getBalance(userA.signer.address);// this will fail as gas costs are not taken for considerationexpect(balanceAfter).to.equal(balanceBefore,'Balance did not decrease after buying votes');});
Mitigation
Do not let users buy shares when price hits 0.
The text was updated successfully, but these errors were encountered:
Petite Rosewood Whale
Medium
price can reach zero in imbalanced markets, can cause issues
Summary
Due to precision loss and how LMSR works, if the difference between the amount of outstanding shares is big enough, one of the share prices can hit zero. If a price hits zero within markets that use LMSR, under normal conditions this would mean that no shares would be sold, creating a deadlock. However ReputationMarket will keep giving free shares to users without any fees. Although there is no total value loss, because shares can be bought for free and the price can later increase due to market activity, this creates a potential profit with no downside. Also buying these shares will cost no fees.
Root Cause
Allowing users to buy shares for free
https://github.com/sherlock-audit/2024-12-ethos-update/blob/c3a2b007d0ddfcb476f300f8b766808f0e3e2dfd/ethos/packages/contracts/contracts/ReputationMarket.sol#L440-L497
Internal Pre-conditions
External Pre-conditions
No response
Attack Path
Impact
Users are able to trade risk free, also without paying fees.
PoC
Note that this test will fail because gas costs are not taken into consideration, but on the output you can see only the gas costs were paid.
Mitigation
Do not let users buy shares when price hits 0.
The text was updated successfully, but these errors were encountered: