New pixel owner could overpay taxes by incorrect tax calculation if its previous owner set the price at 0.
[_collectTax](<https://github.com/thematters/contracts/blob/b62df4e1ad3e0b4bc3ffc516cf974475ac2a197e/src/TheSpace/TheSpace.sol#L348=>)
is to collect and record tax from pixel owner, it’s triggered in three scenarios
Since tax is calculated with price, tax rate, [lastTaxCollection](<https://github.com/thematters/contracts/blob/b62df4e1ad3e0b4bc3ffc516cf974475ac2a197e/src/TheSpace/TheSpace.sol#L316=>)
and past block count, and the lastTaxCollection
can be updated only if collectable tax is larger than 0. So a zero-price pixel can skip to be “collected” under these scenarios.
Factors | Score | Reason |
---|---|---|
Threat Agent Factors | ||
Skill Level | 2 | advanced user or has programming skills. |
Motive | 2 | possible reward through UBI. |
Opportunity | 1 | need to own a large portion of pixels and pay gas fees. |
Size | 3 | anonymous Internet users. |
Vulnerability Factors |
| Ease of Exploit | 2 | cannot form the attack if pixel isn’t bought. | | Awareness | 3 | public knowledge. |