Gorgeous Cobalt Frog - The contract can pay out the initial liquidity deposited as part of trading

[sherlock-admin3]

Gorgeous Cobalt Frog

Medium

The contract can pay out the initial liquidity deposited as part of trading

Summary

The contract can pay out the initial liquidity deposited as part of trading since sellVotes() doesn't check if the two votes added in the create function is maintained after selling.

Root Cause

in ReputationMarket.sol there is no check to ensures the following invariant to hold :
https://audits.sherlock.xyz/contests/735?filter=questions#:~:text=The%20contract%20must%20never%20pay%20out%20the%20initial%20liquidity%20deposited%20as%20part%20of%20trading.%20The%20only%20way%20to%20access%20those%20funds%20is%20to%20graduate%20the%20market.

Internal Pre-conditions

No response

External Pre-conditions

No response

Attack Path

market owner should sell all the votes including the two votes added in the create function.
this lead to get the initial liquidity deposited.

Impact

contract doesn't hold the following invariant:
The contract must never pay out the initial liquidity deposited as part of trading. The only way to access those funds is to graduate the market.

PoC

https://github.com/sherlock-audit/2024-12-ethos-update/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L539C1-L578C4

Mitigation

ad a check to insure the funds deposited when creating the function maintain in the contract until the contract get graduate
d.