Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: low
Valid

No execution to withdraw `platformFee` leading to locking of `platformFee`.

Summary

The `remainingPlatformFee` is calculated and accounted for, but there is no execution to withdraw that fee, leading to the loss of the funds.

Vulnerability Details

In the `PreMarket:createTaker()` function, the platform fee is calculated, then that fee is distributed to the referrer and user by calling the function:

```solidity
uint256 remainingPlatformFee = _updateReferralBonus(
    platformFee,
    depositAmount,
    stockAddr,
    makerInfo,
    referralInfo,
    tokenManager
);
```

The `remainingPlatformFee`, after distributing it to the referrer and user, is accounted to the variable `makerInfo.platformFee`:

```solidity
makerInfo.platformFee = makerInfo.platformFee + remainingPlatformFee;
```

Now there is no execution of a function to withdraw this fee, which will lead to locking of the fee and loss of funds.

Impact

Fee will be locked, loss of funds.

Tools Used

Manually

Recommendations

Execute a function to withdraw the fee.

Updates

Lead Judging Commences

0xnevi Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-PreMarkets-platformFee-no-withdraw-functionality

Low severity, this can be done using the `Rescuable.sol` contract. Arguably there are no errors here given the `platformFee` variable can represent the historical fees that the protocol has accumulated and need not be updated when fees are withdrawn. However, I believe a more explicit function can be valuable to be more transparent regarding withdrawals. However, I will leave this issue open for escalation for debates because I can see it as arguably invalid as well, but I see no arguments for it being medium severity since there is an alternative to retrieve platform fees, assuming admins are trusted.
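
A sketch of the more explicit withdrawal path discussed above, added here as an example (it is not Tadle's code and not part of the submission or the judgement): the accrued total stays a historical figure while a separate counter tracks payouts. The contract name, the `owner` role, the per-token mappings and all function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical sketch: every name in this file is an assumption, not Tadle's API.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

abstract contract PlatformFeeVault {
    address public immutable owner;
    // Per token: lifetime fees accrued (never decremented) and total paid out.
    mapping(address => uint256) public accruedPlatformFee;
    mapping(address => uint256) public withdrawnPlatformFee;

    event PlatformFeeAccrued(address indexed token, uint256 amount);
    event PlatformFeeWithdrawn(address indexed token, address indexed to, uint256 amount);

    error NotOwner();
    error ZeroAddress();
    error ExceedsWithdrawable(uint256 requested, uint256 available);
    error TransferFailed();

    constructor() { owner = msg.sender; }

    // Stand-in for the accounting step after the referral split; the
    // inheriting market contract calls this with the remaining fee.
    function _accrue(address token, uint256 remainingPlatformFee) internal {
        accruedPlatformFee[token] += remainingPlatformFee;
        emit PlatformFeeAccrued(token, remainingPlatformFee);
    }

    // Withdrawable amount is derived, so the historical total stays intact.
    function withdrawablePlatformFee(address token) public view returns (uint256) {
        return accruedPlatformFee[token] - withdrawnPlatformFee[token];
    }

    function withdrawPlatformFee(address token, address to, uint256 amount) external {
        if (msg.sender != owner) revert NotOwner();
        if (to == address(0)) revert ZeroAddress();
        uint256 available = withdrawablePlatformFee(token);
        if (amount > available) revert ExceedsWithdrawable(amount, available);
        // Update state and log before the external call (checks-effects-interactions).
        withdrawnPlatformFee[token] += amount;
        emit PlatformFeeWithdrawn(token, to, amount);
        // Assumes a token that returns bool; non-compliant tokens need a safe-transfer wrapper.
        if (!IERC20(token).transfer(to, amount)) revert TransferFailed();
    }
}
```

Because withdrawals are bounded by accrued minus withdrawn and emit their own event, fee payouts can be reconciled on-chain separately from any general-purpose rescue function.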
