Missing Functionality for Maker to Claim Platform Fee
Summary
Missing Functionality for Maker to Claim Platform Fee
Vulnerability Details
There is currently no function in the contract that allows a maker to claim their platformFee. While the MakerInfo struct includes a platformFee field, there is no mechanism provided for the maker to withdraw or claim this fee. This could lead to issues where the maker is unable to retrieve the fees they are entitled to. Makers get platformFeewhen takers interact with the offercreated by makeror relistedoffers created by taker.
https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/PreMarkets.sol#L254-L263
Impact
Maker is unable to retrieve the platform fees they are entitled to.
Tools Used
Manual review
Recommendations
Implement a function that allows makers to claim their platformFee. This function should:
Check the
platformFeebalance in theMakerInfostruct.Transfer the fee to the maker’s address.
Reset the
platformFeein theMakerInfostruct to zero after the transfer.
Example of a possible function:
Lead Judging Commences
finding-PreMarkets-platformFee-no-withdraw-functionality
Low severity, this can be done using the `Rescuable.sol` contract. Arguably there is no errors here given the `platformFee` variable can represent the historical fees that the protocol has accumulated and need not be updated when fees are withdrawn. However, I believe a more explicit function can be valuable to be more transparent regarding withdrawals. However, I will leave this issue open for escalation for debates because I can see it as arguably invalid as well, but I see no arguments for it being medium severity since there is an alternative to retrieve platform fees, assuming admins are trusted.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.