Soft Chambray Jaguar - Incorrect slippage check in ReputationMarket.sellVotes

[sherlock-admin3]

Soft Chambray Jaguar

High

Incorrect slippage check in ReputationMarket.sellVotes

Summary

When users sell votes, they can set a minimum price they want to receive per vote. However, the code checks this minimum price before deducting fees, rather than after. This means users could receive less than their specified minimum price.

@>    uint256 pricePerVote = votesToSell > 0 ? proceedsBeforeFees / votesToSell : 0; // @audit price deducted with fees included
    if (pricePerVote < minimumVotePrice) {
      revert SellSlippageLimitExceeded(minimumVotePrice, pricePerVote);
    }

The sellVotes function lets users sell their votes and specify a minimum price per vote. Here's the issue:

1. The code calculates price per vote using the amount before fees are taken out
2. It checks if this pre-fee price meets the user's minimum
3. Only after this check does it deduct fees and send the remaining amount to the user

This means the actual amount received may be lower than what was checked against the minimum price.

Scenario

Let's say:

• User wants to sell 1 vote for minimum 1 ETH
• Protocol fee is 5%
• Current vote price is exactly 1 ETH

What happens:

1. Code sees price is 1 ETH and approves the sale since it meets minimum
2. 5% fee (0.05 ETH) is deducted
3. User only receives 0.95 ETH - less than their 1 ETH minimum!

Impact

Users receive less money than they expected based on their minimum price setting.

LOC

https://github.com/sherlock-audit/2024-12-ethos-update/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L553

Fix

Calculate the price per vote using the after-fee amount proceedsAfterFees

-    uint256 pricePerVote = votesToSell > 0 ? proceedsBeforeFees / votesToSell : 0;
+    uint256 pricePerVote = votesToSell > 0 ? proceedsAfterFees / votesToSell : 0;
    if (pricePerVote < minimumVotePrice) {
      revert SellSlippageLimitExceeded(minimumVotePrice, pricePerVote);
    }