This repository has been archived by the owner on Jan 14, 2020. It is now read-only.

🐃 No OGN actually required to gain benefits of boosting #527

Open
DanielVF opened this issue Sep 21, 2018 · 0 comments
Labels
bug Something isn't working as intended origin.js search security

DanielVF commented Sep 21, 2018

A spam offer (say, with a phone number to buy something from) can gain all the discovery placement benefits of boosting without using any OGN.

To do this, the evil listing just needs to store a commission in IPFS and not send any deposit with the eth transaction. Bingo!

Of course, the listing can't be purchased without a colluding purchaser, who sets the offer commission to zero, but that's not a problem for someone looking to use the site as a billboard.

Discovery ranking should use the min(commission.amount, deposit.amount). Probably need to do this at indexing time.

Is there anywhere else where this will trip things up?

Test case:

```js
const hash = await originTest.ipfsService.saveObjAsFile({
    schemaId: "http://schema.originprotocol.com/listing_v1.0.0",
    listingType: "unit",
    category: "schema.forSale",
    subCategory: "schema.forSale.carsTrucks",
    language: "en-us",
    title: "Spam listing",
    description: "Red. 100K miles. Always garaged.",
    expiry: "2018-09-20T19:59:36.875Z",
    media: [],
    price: {amount: "0.7", currency: "ETH"},
    unitsTotal: 1,
    commission: {amount: "99999", currency: "OGN"},
})
const hashBytes = originTest.contractService.getBytes32FromIpfsHash(hash)
const me = (await web3.eth.getAccounts())[0]
await originTest.contractService.call("V00_Marketplace", "createListing", [hashBytes, 0, me])
// no OGN spent, 10x max boost
```

@DanielVF DanielVF added bug Something isn't working as intended security search labels Sep 21, 2018
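
The fix proposed in the issue, ranking on min(commission.amount, deposit.amount) at indexing time, sketched as an added example (not code from the issue or from origin.js). The function names, the sample entries, and the assumption that the on-chain deposit arrives in 18-decimal OGN base units are illustrative.

```javascript
// Added example: names and the 18-decimal unit are assumptions, not Origin's code.
const OGN_DECIMALS = 18n;

// Convert a decimal string such as "12.5" into integer base units (BigInt).
// Anything malformed or negative yields 0n so it can never raise a ranking.
function toBaseUnits(amount) {
  if (typeof amount !== "string" || !/^\d+(\.\d+)?$/.test(amount)) return 0n;
  const [whole, frac = ""] = amount.split(".");
  if (frac.length > Number(OGN_DECIMALS)) return 0n;
  return BigInt(whole) * 10n ** OGN_DECIMALS +
    BigInt(frac.padEnd(Number(OGN_DECIMALS), "0"));
}

// Boost the indexer should trust: min(claimed commission, on-chain deposit).
// ipfsListing: listing JSON read from IPFS (self-declared by the seller).
// depositBaseUnits: deposit recorded by the marketplace contract.
function effectiveBoost(ipfsListing, depositBaseUnits) {
  const c = ipfsListing && ipfsListing.commission;
  const claimed = c && c.currency === "OGN" ? toBaseUnits(c.amount) : 0n;
  let deposit;
  try { deposit = BigInt(depositBaseUnits); } catch (e) { deposit = 0n; }
  if (deposit < 0n) deposit = 0n;
  return claimed < deposit ? claimed : deposit;
}

// Order index entries by effective boost, highest first.
function rankListings(entries) {
  return entries
    .map(e => ({ id: e.id, boost: effectiveBoost(e.ipfs, e.deposit) }))
    .sort((a, b) => (a.boost < b.boost ? 1 : a.boost > b.boost ? -1 : 0));
}

// Constructed sample index entries; "spam" mirrors the test case above.
const SAMPLE = [
  { id: "spam", deposit: "0",
    ipfs: { commission: { amount: "99999", currency: "OGN" } } },
  { id: "honest", deposit: "10000000000000000000",
    ipfs: { commission: { amount: "10", currency: "OGN" } } },
  { id: "underfunded", deposit: "2000000000000000000",
    ipfs: { commission: { amount: "50", currency: "OGN" } } },
];

console.log(rankListings(SAMPLE).map(r => `${r.id}: ${r.boost}`));
```

A listing whose deposit is below its declared commission is ranked on the deposit, so the zero-deposit listing sorts last regardless of what its IPFS data claims.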