041.md

Shambolic Opaque Swift

Medium

Lack of input validation for buyVotes parameters can confuse users and create unexpected behavior

Summary

The absence of a check ensuring minVotesToBuy <= maxVotesToBuy in buyVotes can lead to confusion or unexpected behavior for users, as the function does not validate these parameters, potentially allowing contradictory inputs.

Root Cause

In ReputationMarket.sol#L440C1-L450C1, buyVotes accepts maxVotesToBuy and minVotesToBuy as parameters, but never checks that minVotesToBuy <= maxVotesToBuy. This gap can produce conflicting instructions and unexpected user experience.

Internal Pre-conditions

1. The user calls buyVotes with parameters maxVotesToBuy and minVotesToBuy where minVotesToBuy is greater than maxVotesToBuy or otherwise illogical.
2. No internal checks enforce consistency between these two parameters.

External Pre-conditions

No response

Attack Path

1. A user mistakenly calls buyVotes(profileId, true, 5, 10), implying a desire to buy at least 10 votes but no more than 5.
2. The function checks only if the user can afford minVotesToBuy and attempts to purchase maxVotesToBuy — leading to contradictory states or user confusion.
3. Because no explicit requirement ensures minVotesToBuy <= maxVotesToBuy, the input can pass silently, producing undefined or confusing results.

Impact

Users could have a confusing or misleading experience, expecting at least a certain minimum but capping at a smaller maximum. While this might not directly cause financial loss, it risks incorrectly handled orders or user frustration, potentially leading to a breakdown of market trust.

PoC

No response

Mitigation

1. Add Parameter Validation: In buyVotes, revert if minVotesToBuy > maxVotesToBuy.