A new pixel owner can be overcharged tax through an incorrect tax calculation if the previous owner set the price to 0.
_collectTax collects and records tax from the pixel owner; it is triggered in three scenarios.
Tax is calculated from the price, the tax rate, lastTaxCollection and the number of blocks elapsed, and lastTaxCollection is updated only when the collectable tax is larger than 0. A zero-price pixel therefore always yields zero tax, is never "collected" in any of these scenarios, and its lastTaxCollection never advances. The stale lastTaxCollection is then inherited by whoever buys the pixel next.
Form an Attack
- In block #1000, the attacker buys a pixel and prices it at 0 $SPACE;
- In block #2000, the victim buys the pixel and prices it at 10 $SPACE; _collectTax runs with price 0, yields 0 tax, and leaves lastTaxCollection at block #1000;
- In block #3000, the victim's tax is calculated from block #1000 to block #3000 rather than from block #2000, so the victim pays for the 1000 blocks during which the attacker held the pixel at zero price;
- Affected code: contracts/src/TheSpace/TheSpace.sol (commit: b62df4e)
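The sequence above, replayed against a minimal model of the tax bookkeeping. This is an added example and not TheSpace's code: the tax rate, the token decimals and the bid/_collect_tax function shapes are assumptions chosen to mirror the description, and the "fix" shown (advance lastTaxCollection even when the collectable tax is 0) is one possible remediation rather than the project's own.

```python
# Added example, not TheSpace's code: a toy model of Harberger tax accounting
# that reproduces the zero-price overcharge and shows one fix. The rate,
# units and function names are assumptions, not the contract's values.
from dataclasses import dataclass
from typing import Dict, Tuple

ONE_SPACE = 10**18          # assumed: $SPACE uses 18 decimals
TAX_RATE_BPS = 100          # assumed: 1% of price per block, in basis points
BPS = 10_000


@dataclass
class Pixel:
    owner: str
    price: int                  # in smallest $SPACE units
    last_tax_collection: int    # block number of the last settlement


class Space:
    """Toy model of the tax bookkeeping described in the finding."""

    def __init__(self, always_update: bool):
        # always_update=False reproduces the reported behaviour:
        # lastTaxCollection advances only when the collectable tax is > 0.
        self.always_update = always_update
        self.pixels: Dict[int, Pixel] = {}
        self.tax_paid: Dict[str, int] = {}

    def _collect_tax(self, pixel_id: int, block: int) -> int:
        p = self.pixels[pixel_id]
        blocks = block - p.last_tax_collection
        tax = p.price * TAX_RATE_BPS * blocks // BPS
        if tax > 0:
            self.tax_paid[p.owner] = self.tax_paid.get(p.owner, 0) + tax
            p.last_tax_collection = block
        elif self.always_update:
            p.last_tax_collection = block   # fix: a zero-tax period still settles
        return tax

    def bid(self, pixel_id: int, buyer: str, new_price: int, block: int) -> None:
        """Buy a pixel: settle the seller's tax, then transfer and re-price."""
        if pixel_id not in self.pixels:
            self.pixels[pixel_id] = Pixel(buyer, new_price, block)
            return
        self._collect_tax(pixel_id, block)    # seller's tax up to this block
        p = self.pixels[pixel_id]
        p.owner, p.price = buyer, new_price


def run_scenario(always_update: bool) -> Tuple[int, int]:
    """Attacker buys at block 1000 and prices at 0; victim buys at block 2000
    and prices at 10 $SPACE; tax is collected at block 3000.
    Returns (victim's tax, number of blocks the victim was charged for)."""
    space = Space(always_update)
    space.bid(1, "attacker", 0, block=1000)
    space.bid(1, "victim", 10 * ONE_SPACE, block=2000)
    charged_from = space.pixels[1].last_tax_collection
    tax = space._collect_tax(1, block=3000)
    return tax, 3000 - charged_from


if __name__ == "__main__":
    vuln_tax, vuln_blocks = run_scenario(always_update=False)
    fixed_tax, fixed_blocks = run_scenario(always_update=True)
    print(f"vulnerable: charged for {vuln_blocks} blocks, {vuln_tax // ONE_SPACE} $SPACE")
    print(f"fixed:      charged for {fixed_blocks} blocks, {fixed_tax // ONE_SPACE} $SPACE")
```

With the reported behaviour the victim is charged for 2000 blocks (block #1000 to #3000) and pays twice what the fixed bookkeeping charges for the 1000 blocks they actually held the pixel. Any remediation that settles lastTaxCollection on transfer or price change, regardless of the collectable amount, closes the gap.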
Threat Agent Factors
- Skill level: advanced user or someone with programming skills.
- Motive: possible reward through UBI.
- Opportunity: needs to own a large portion of pixels and pay the gas fees.
- Size: anonymous Internet users.
Ease of Exploit
The attack cannot complete unless someone buys the zero-priced pixel; the attacker cannot force that purchase.
Technical Impact Factors
- Loss of Integrity
- Loss of Availability: can partly damage the economic mechanism.
- Loss of Accountability: the attacker can be completely anonymous.
Business Impact Factors
Depends on the price the new owner sets and on how long the zero-priced pixel sits before it is bought, since every block in that interval is charged to the new owner.
Overall Likelihood: 2
Overall Impact: 2
Overall Risk Score = Impact * Likelihood = 2 * 2 = 4