Unable to withdraw platform fee, due to no mechanism to withdraw them
Summary
There is no function to withdraw fee, lead to fee stuck in the contract
Vulnerability Details
In createTaker function, platformFee is added after adding them:
But currently, there is no mechanism to withdraw them. The only way to withdraw token is through TokenManager#withdraw() function, but it only allow them to withdraw token balance of caller, but not platformFee.
Impact
Token is stuck in the contract
Tools Used
Manual review
Recommendations
Add mechanism to withdraw these tokens
Lead Judging Commences
finding-PreMarkets-platformFee-no-withdraw-functionality
Low severity, this can be done using the `Rescuable.sol` contract. Arguably there is no errors here given the `platformFee` variable can represent the historical fees that the protocol has accumulated and need not be updated when fees are withdrawn. However, I believe a more explicit function can be valuable to be more transparent regarding withdrawals. However, I will leave this issue open for escalation for debates because I can see it as arguably invalid as well, but I see no arguments for it being medium severity since there is an alternative to retrieve platform fees, assuming admins are trusted.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.