Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Best Carbon Eagle - DEFAULT_PRICE should be 0.001 ether #717

Open
sherlock-admin2 opened this issue Dec 5, 2024 · 0 comments
Open

Best Carbon Eagle - DEFAULT_PRICE should be 0.001 ether #717

sherlock-admin2 opened this issue Dec 5, 2024 · 0 comments

Comments

@sherlock-admin2
Copy link
Contributor

Best Carbon Eagle

High

DEFAULT_PRICE should be 0.001 ether

Summary

In ReputationMarket.sol, DEFAULT_PRICE is set to 0.01 ether however if you look at the code in initialize, it is meant to be 0.001 ether instead.

function initialize(
  address owner,
  address admin,
  address expectedSigner,
  address signatureVerifier,
  address contractAddressManagerAddr
) external initializer {
  __accessControl_init(
    owner,
    admin,
    expectedSigner,
    signatureVerifier,
    contractAddressManagerAddr
  );
  __UUPSUpgradeable_init();
  enforceCreationAllowList = true;
  // Default market configurations:

  // Default tier
  // - Minimum viable liquidity for small/new markets
  // - 0.002 ETH initial liquidity
  // - 1 vote each for trust/distrust (volatile price at low volume)
  marketConfigs.push(
    MarketConfig({
      initialLiquidity: 2 * DEFAULT_PRICE,
      initialVotes: 1,
      basePrice: DEFAULT_PRICE
    })
  );

  // Deluxe tier
  // - Moderate liquidity for established profiles
  // - 0.05 ETH initial liquidity
  // - 1,000 votes each for trust/distrust (moderate price stability)
  marketConfigs.push(
    MarketConfig({
      initialLiquidity: 50 * DEFAULT_PRICE,
      initialVotes: 1000,
      basePrice: DEFAULT_PRICE
    })
  );

  // Premium tier
  // - High liquidity for stable price discovery
  // - 0.1 ETH initial liquidity
  // - 10,000 votes each for trust/distrust (highly stable price)
  marketConfigs.push(
    MarketConfig({
      initialLiquidity: 100 * DEFAULT_PRICE,
      initialVotes: 10000,
      basePrice: DEFAULT_PRICE
    })
  );
}

Impact

Wrong default price variable and it is permanent since there is no function to reset it.

Code snippet

https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/57c02df7c56f0b18c681a89ebccc28c86c72d8d8/ethos/packages/contracts/contracts/ReputationMarket.sol#L79
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin2