You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The primary responsibility of the _createMarket function is to create a new reputation market based on the selected market configuration. However, the function always initializes the trust and distrust votes to 1, regardless of the selected market configuration (e.g., Default, Deluxe, or Premium), which should have distinct initial vote counts.
function _createMarket(
uint256profileId,
addressrecipient,
uint256marketConfigIndex
) private nonReentrant {
// ... Code omitted ...// Initialize the new market with 1 trust and 1 distrust vote
markets[profileId].votes[TRUST] =1;
markets[profileId].votes[DISTRUST] =1;
// ... Code omitted ...
}
Mismatch with Expected Behavior
According to the contract’s comments and the definition of market configurations, different market configurations (e.g., Default, Deluxe, Premium) should have distinct initial vote counts to control market liquidity and price stability. For example:
• Default Configuration: 1 trust vote and 1 distrust vote (high volatility)
• Deluxe Configuration: 1,000 trust votes and 1,000 distrust votes (moderate price stability)
• Premium Configuration: 10,000 trust votes and 10,000 distrust votes (high price stability)
However, the current implementation of _createMarket ignores the marketConfigIndex and always sets the initial vote counts to 1, which is inconsistent with the expected behavior for different configurations.
Potential Impacts
1. Insufficient Market Liquidity: Regardless of the selected configuration, the market always starts with the lowest initial vote counts, leading to excessive price volatility and failing to reflect the higher liquidity and stability of advanced configurations.
2. Poor User Experience: Users may expect different market behaviors based on their chosen configuration. However, since the initial vote counts are not properly set, the market fails to meet these expectations.
3. Economic Model Failure: The LMSR model relies on the initial market state to dynamically adjust prices. Incorrect initial vote counts could cause price calculations and market behaviors to deviate from the intended design goals.
Root Cause
No response
Internal Pre-conditions
No response
External Pre-conditions
No response
Attack Path
No response
Impact
No response
PoC
No response
Mitigation
No response
The text was updated successfully, but these errors were encountered:
Upbeat Coffee Badger
Medium
_createMarket
Summary
https://github.com/sherlock-audit/2024-12-ethos-update/blob/c3a2b007d0ddfcb476f300f8b766808f0e3e2dfd/ethos/packages/contracts/contracts/ReputationMarket.sol#L318
The primary responsibility of the _createMarket function is to create a new reputation market based on the selected market configuration. However, the function always initializes the trust and distrust votes to 1, regardless of the selected market configuration (e.g., Default, Deluxe, or Premium), which should have distinct initial vote counts.
Mismatch with Expected Behavior
According to the contract’s comments and the definition of market configurations, different market configurations (e.g., Default, Deluxe, Premium) should have distinct initial vote counts to control market liquidity and price stability. For example:
• Default Configuration: 1 trust vote and 1 distrust vote (high volatility)
• Deluxe Configuration: 1,000 trust votes and 1,000 distrust votes (moderate price stability)
• Premium Configuration: 10,000 trust votes and 10,000 distrust votes (high price stability)
However, the current implementation of _createMarket ignores the marketConfigIndex and always sets the initial vote counts to 1, which is inconsistent with the expected behavior for different configurations.
Potential Impacts
1. Insufficient Market Liquidity: Regardless of the selected configuration, the market always starts with the lowest initial vote counts, leading to excessive price volatility and failing to reflect the higher liquidity and stability of advanced configurations.
2. Poor User Experience: Users may expect different market behaviors based on their chosen configuration. However, since the initial vote counts are not properly set, the market fails to meet these expectations.
3. Economic Model Failure: The LMSR model relies on the initial market state to dynamically adjust prices. Incorrect initial vote counts could cause price calculations and market behaviors to deviate from the intended design goals.
Root Cause
No response
Internal Pre-conditions
No response
External Pre-conditions
No response
Attack Path
No response
Impact
No response
PoC
No response
Mitigation
No response
The text was updated successfully, but these errors were encountered: