Colossal Chiffon Urchin
Medium
Actors will be able to constantly empty someone's account in a short time
According to docs their should be a grace period between slashing, there is none, right now
Upon being slashed the accused has a 72h grace period before they may be slashed again.
function slash(
uint256 authorProfileId,
uint256 slashBasisPoints
) external onlySlasher whenNotPaused nonReentrant returns (uint256) {
if (slashBasisPoints > MAX_SLASH_PERCENTAGE) {
revert InvalidSlashPercentage();
}
uint256 totalSlashed;
uint256[] storage vouchIds = vouchIdsByAuthor[authorProfileId];
for (uint256 i = 0; i < vouchIds.length; i++) {
Vouch storage vouch = vouches[vouchIds[i]];
// Only slash active vouches
if (!vouch.archived) {
uint256 slashAmount = vouch.balance.mulDiv(
slashBasisPoints,
BASIS_POINT_SCALE,
Math.Rounding.Floor
);
if (slashAmount > 0) {
vouch.balance -= slashAmount;
totalSlashed += slashAmount;
}
}
}
if (totalSlashed > 0) {
// Send slashed funds to protocol fee address
(bool success, ) = protocolFeeAddress.call{ value: totalSlashed }("");
if (!success) revert FeeTransferFailed("Slash transfer failed");
}
emit Slashed(authorProfileId, slashBasisPoints, totalSlashed);
return totalSlashed;
}
contracts/contracts/EthosVouch.sol#L520
No response
No response
Seems like their will be permissionless accusing of account, so someone's account could be emptied in a short time
Someone's account can be slashed multiple times in a short time
No response
tracked slashed time, implement grace period