Unclaimed platform fees accumulate indefinitely in maker info, potentially leading to loss of funds
Summary
PreMarkets::createTaker accumulates platform fees for each maker's offer, but there is no implemented mechanism to claim or distribute these fees. This could lead to fees being locked in the contract indefinitely.
Impact
Platform fees are continuously added to makerInfo.platformFee with each taker order, but there is no function to withdraw or distribute these fees. This could result in loss of revenue for the platform or intended fee recipients.
Proof of Concept
Tools Used
Manual review
Recommended Mitigation Steps
Implement a function to claim accumulated platform fees, accessible only by authorized addresses (e.g., protocol admin or fee recipient).
If the platform is supposed to keep the platform fees, then the suggestion would be to track them in a separate variable and allow admins to withdraw them.
If the maker is supposed to keep the platform fees, then something like this would be the suggested course of action:
Lead Judging Commences
finding-PreMarkets-platformFee-no-withdraw-functionality
Low severity, this can be done using the `Rescuable.sol` contract. Arguably there is no errors here given the `platformFee` variable can represent the historical fees that the protocol has accumulated and need not be updated when fees are withdrawn. However, I believe a more explicit function can be valuable to be more transparent regarding withdrawals. However, I will leave this issue open for escalation for debates because I can see it as arguably invalid as well, but I see no arguments for it being medium severity since there is an alternative to retrieve platform fees, assuming admins are trusted.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.