Shambolic Opaque Swift
Medium
The GRADUATION_WITHDRAWAL contract can immediately graduate any market, causing an abrupt end to trading. This can lock users out of selling their votes, resulting in unrecoverable positions and unexpected losses.
In ReputationMarket.sol#L722C1-L733C4, the function graduateMarket allows an authorized contract (GRADUATION_WITHDRAWAL) to immediately finalize (graduate) a market. There is no waiting period or user grace period before finalizing the market.
- The
GRADUATION_WITHDRAWALcontract is authorized to callgraduateMarket. . A market is currently active and has participants holding votes.
No response
- The authorized
GRADUATION_WITHDRAWALcontract (intentionally or accidentally) callsgraduateMarket(profileId). - The market is immediately transitioned to a graduated state, disallowing further buying or selling of votes.
- Users holding votes can no longer liquidate them, leaving them locked in a graduated market without a chance to sell before graduation.
Market participants lose the ability to sell their votes on short notice, potentially resulting in locked positions or financial losses if the price was expected to change. The sudden graduation undermines user trust and disrupts market equilibrium.
No response
- Add a Grace Period: Before finalizing a market, require a timelock or grace period during which users are notified and can sell their votes.
- Partial or Phased Graduation: Implement a phased approach allowing users to sell for a set period after a graduation announcement.