Upbeat Coffee Badger - The rounding direction in _calcVotePrice(…) does not match the comments. #137
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Upbeat Coffee Badger
High
The rounding direction in _calcVotePrice(…) does not match the comments.
Summary
https://github.com/sherlock-audit/2024-12-ethos-update/blob/c3a2b007d0ddfcb476f300f8b766808f0e3e2dfd/ethos/packages/contracts/contracts/ReputationMarket.sol#L1003
• For trust votes (isPositive = true): “round up”
• For distrust votes (isPositive = false): “round down”
• For trust votes (isPositive = true), Math.Rounding.Floor is called (rounding down).
• For distrust votes (isPositive = false), Math.Rounding.Ceil is called (rounding up).
This is the exact opposite of the comments, leading to the following potential issues:
1. Mismatch Between Comments and Implementation, Misleading Future Developers
Future developers or maintainers may trust the comments when reading the code or upgrading the contract, leading to misjudgments about the actual behavior and introducing further bugs.
2. Potential 1 wei Discrepancy in the Sum of Trust and Distrust Vote Prices
The original intent was for one to round up and the other to round down to ensure that trustPrice + distrustPrice ≈ basePrice. However, with the current reversed order, their sum could be slightly lower or higher than basePrice, causing cumulative “1 wei” discrepancies.
3. Conflict with Other Rounding Logic in _calcCost(…)
_calcCost(…) also contains rounding logic that mixes up buy/sell operations. If both locations confuse “positive/negative” or “buy/sell” with the rounding direction, the final price calculations will become even more inconsistent.
Root Cause
No response
Internal Pre-conditions
No response
External Pre-conditions
No response
Attack Path
No response
Impact
No response
PoC
No response
Mitigation
No response
The text was updated successfully, but these errors were encountered: