Magic Basil Caterpillar
High
users funds loss and/or transaction reverts due to insufficient Eth balance in ReputationMarket contract
In current ReputationMarket contract logic, marketFunds[profileId] state variable was wrongly updated in ReputationMarket::sellVotes function.Due to which exitProtocolFee was wrongly collecting twice from the contract. 1)while selling the votes 2)while withdrawing GraduatedMarketFunds due to which future transactions revert due to insufficient Eth balance therefore users loss funds.
If users want to sell votes then they will call ReputationMarket::sellVotes function https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L495 Then it internally calls _calculateSell function which calculates and return votesSold,fundsReceived,protocolFee,minVotePrice,maxVotePrice values. https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L503-L510 Now let's see _calculateSell function logic, It calculates fundsReceived from selling votes using _calcVotePrice function in while loop which iterates untill votesSold = amount of votes user specify to sell. https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L1031-L1040 now value of fundsReceived = amount from selling votes. Then it internally calls PreviewFees function which calculates the exitProtocolFee and returns exitProtocolFee and fundsReceived after deducting exitProtocolfee from it. now, fundsReceived = amount from selling votes - exitProtocolFee. https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L1041 https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L1141-L1153 now sellVotes function internally calls applyFees function which sends exitProtocolFee to protocolFeeAddress. https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L517 then it calls _sendEth function which transfers fundReceived to user who is selling the votes. https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L520 now as we observe both exitProtocolFee and fundReceived is transferred out of ReputationMarket contract.so we should deduct fundReceived+protocolFee from marketFunds[profileId],but we wrongly deducting only fundReceived from marketFunds[profileId]. https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L522 now marketFunds[profileId] value will be greater than what it should be by exitProtocolFee. so now when user with GRADUATION_WITHDRAWAL role withdrawing from GraduatedMarketFunds it will transfer more funds than what actually should transfer to him. which means exitProtocolFee was collecting twice from the contract which will break accounting of the contract. so user transactions in future will revert due to out of funds(contract not having enough Eth to give to users who sell there votes and while withdrawing GraduatedMarketFunds).
No response
No response
No response
wrongly collecting exitProtocolFee from ReputationMarket twice for every time a user sells votes(1)while selling votes 2)while withdrawing from GraduatedMarketFunds), which will break accounting of the contract(Eth balance of contract is not enough to pay to users who sell their votes and at time of withdrawing GraduatedMarketFunds in future).so users loss there funds.
No response
modify code here, https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L522 with this, marketFunds[profileId] -= (fundsReceived+protocolFee); so that marketFunds[profileId] is correctly updated.