New pixel owner could overpay taxes by incorrect tax calculation if its previous owner set the price at 0.
_collectTax is to collect and record tax from pixel owner, it’s triggered in three scenarios
Since tax is calculated with price, tax rate, lastTaxCollection and past block count, and the lastTaxCollection can be updated only if collectable tax is larger than 0. So a zero-price pixel can skip to be “collected” under these scenarios.
| Factors | Score | Reason |
|---|---|---|
| Threat Agent Factors | ||
| Skill Level | 2 | advanced user or has programming skills. |
| Motive | 2 | possible reward through UBI. |
| Opportunity | 1 | need to own a large portion of pixels and pay gas fees. |
| Size | 3 | anonymous Internet users. |
| Vulnerability Factors | ||
| Ease of Discovery | 1 | require a deep understanding of The Space’s smart contract and mechanisms. |
| Ease of Exploit | 2 | cannot form the attack if pixel isn’t bought. |
| Awareness | 3 | public knowledge. |