Ethos Reputation Market Fix Review Contest

Ethos Reputation Market Fix Review ContestEthos Reputation Market Fix Review Contest

Details

Scope

My Submission

On what chains are the smart contracts going to be deployed?

Base L2 only

If you are integrating tokens, are you allowing only whitelisted tokens to work with the codebase or any complying with the standard? Are they assumed to have certain properties, e.g. be non-reentrant? Are there any types of weird tokens you want to integrate?

We are not integrating ANY tokens. We will only be handling native Ethereum.

Are there any limitations on values set by admins (or other roles) in the codebase, including restrictions on array lengths?

Owner is trusted. Admin is trusted.
Graduate_Withdraw contracts will also be deployed by and owned by Ethos and trusted.

Reputation Market:

  • Cannot remove all market configs (must keep at least 1)
  • Base price must be >= MINIMUM_BASE_PRICE (0.0001 ether)
  • Must maintain LMSR invariant (yes + no price sum to 1)
  • A user cannot sell more votes than they own
  • A graduated market cannot accept new trades or be recreated.
  • Total contract balance must be greater or equal to all active (non-graduated) market funds

Are there any limitations on values set by admins (or other roles) in protocols you integrate with, including restrictions on array lengths?

These contracts rely on the settings and configuration covered in Ethos Network non-financial contracts, audited here:
https://audits.sherlock.xyz/contests/584

Is the codebase expected to comply with any specific EIPs?

Currently graduating reputation markets are not yet implemented. However, they are expected to be on-chain once implemented.

Are there any off-chain mechanisms involved in the protocol (e.g., keeper bots, arbitrage bots, etc.)? We assume these mechanisms will not misbehave, delay, or go offline unless otherwise specified.

There are no off-chain mechanisms involved in the Reputation Market protocol. We do not use the information in Reputation Markets to impact Ethos credibility scores.

What properties/invariants do you want to hold even if breaking them has a low/unknown impact?

The contract must never pay out the initial liquidity deposited as part of trading. The only way to access those funds is to graduate the market.

Please discuss any design choices you made.

We opted to use an LMSR algorithm for the bonding curve, as it's proven to operate well with AMMs like Polymarket. This was in response to a critical finding in our previous audit.

Please provide links to previous audits (if any).

https://github.com/sherlock-audit/2024-10-ethos-network
https://github.com/sherlock-audit/2024-11-ethos-network-ii

Please list any relevant protocol resources.

whitepaper: https://whitepaper.ethos.network
website: https://ethos.network
testnet app: https://dev.ethos.markets

Additional audit information.

The major changes are in the addition and integration with the LMSR library.

Max Rewards

555 USDC

Status

Live since

Active

Jan 16, 2025, 9:15 PM

Report a bug