Tadle

DeFi
30,000 USDC
Submission Details
Severity: low
Valid

Not possible to withdraw platform fee

Summary

The platform fee cannot be withdrawn from the protocol because no mechanism is implemented for it.

Vulnerability Details

When a taker places an order, they must deposit the platformFee as well.

    uint256 platformFee = depositAmount.mulDiv(
        platformFeeRate,
        Constants.PLATFORM_FEE_DECIMAL_SCALER
    );
    //....
    depositTokenWhenCreateTaker(
        platformFee,
        depositAmount,
        tradeTax,
        makerInfo,
        offerInfo,
        tokenManager
    );

https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/PreMarkets.sol#L217-L234

Then, based on referrerReferralBonus and authorityReferralBonus, part of the platform fee is credited to the referrer and msg.sender, respectively.

    uint256 referrerReferralBonus = platformFee.mulDiv(
        referralInfo.referrerRate,
        Constants.REFERRAL_RATE_DECIMAL_SCALER,
        Math.Rounding.Floor
    );
    /**
     * @dev update referrer referral bonus
     * @dev update authority referral bonus
     */
    tokenManager.addTokenBalance(
        TokenBalanceType.ReferralBonus,
        referralInfo.referrer,
        makerInfo.tokenAddress,
        referrerReferralBonus
    );
    uint256 authorityReferralBonus = platformFee.mulDiv(
        referralInfo.authorityRate,
        Constants.REFERRAL_RATE_DECIMAL_SCALER,
        Math.Rounding.Floor
    );
    tokenManager.addTokenBalance(
        TokenBalanceType.ReferralBonus,
        _msgSender(),
        makerInfo.tokenAddress,
        authorityReferralBonus
    );
    remainingPlatformFee =
        platformFee -
        referrerReferralBonus -
        authorityReferralBonus;

https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/PreMarkets.sol#L858-L891

The remainder of the platform fee is stored in:

makerInfo.platformFee = makerInfo.platformFee + remainingPlatformFee;

https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/PreMarkets.sol#L263

The issue is that there is no mechanism in the protocol to withdraw the accumulated platform fee. Note that it is not reasonable to assume that the protocol is simply not yet complete.

Note that the owner's use of the rescue function in the Rescuable contract is not meant for withdrawing the platform fee. If it were, makerInfo.platformFee would have been updated accordingly in that function.

https://github.com/Cyfrin/2024-08-tadle/blob/main/src/utils/Rescuable.sol#L64

Impact

  • The platform fee is stuck in the protocol.

Tools Used

Recommendations

It is recommended to implement a platform fee withdrawal mechanism.
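
One way to implement the recommended withdrawal path, as an added example that is not Tadle's code: every name here (PlatformFeeLedger, accruedFee, withdrawnFee, withdrawPlatformFee) is hypothetical, and it assumes ERC-20 fee tokens held by the contract itself. Withdrawals are tracked in a separate counter, so the accrued total stays a historical record while the claimable amount is explicit.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added example with hypothetical names; not part of the Tadle code base.
interface IERC20Minimal {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Abstract: meant to be inherited by the contract that computes remainingPlatformFee.
abstract contract PlatformFeeLedger {
    address public immutable owner;

    // Lifetime fees accrued per token (never decreases).
    mapping(address => uint256) public accruedFee;
    // Fees already paid out per token.
    mapping(address => uint256) public withdrawnFee;

    event PlatformFeeWithdrawn(address indexed token, address indexed to, uint256 amount);

    error NotOwner();
    error ExceedsWithdrawable(uint256 requested, uint256 available);
    error TransferFailed();

    constructor() { owner = msg.sender; }

    // Call from the order flow at the point where remainingPlatformFee is recorded.
    function _accrue(address token, uint256 remainingPlatformFee) internal {
        accruedFee[token] += remainingPlatformFee;
    }

    // Amount that can still be claimed: accrued minus already withdrawn.
    function withdrawable(address token) public view returns (uint256) {
        return accruedFee[token] - withdrawnFee[token];
    }

    function withdrawPlatformFee(address token, address to, uint256 amount) external {
        if (msg.sender != owner) revert NotOwner();
        uint256 available = withdrawable(token);
        if (amount > available) revert ExceedsWithdrawable(amount, available);
        withdrawnFee[token] += amount; // effects before the external call
        emit PlatformFeeWithdrawn(token, to, amount);
        // Low-level call tolerates tokens whose transfer returns no value.
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Minimal.transfer.selector, to, amount)
        );
        if (token.code.length == 0 || !ok || (ret.length != 0 && !abi.decode(ret, (bool))))
            revert TransferFailed();
    }
}
```

Because the withdrawal is capped at `accruedFee - withdrawnFee`, the owner cannot move user deposits through this path, and each payout is visible on-chain through the event.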

Updates

Lead Judging Commences

0xnevi Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-PreMarkets-platformFee-no-withdraw-functionality

Low severity, this can be done using the `Rescuable.sol` contract. Arguably there are no errors here given the `platformFee` variable can represent the historical fees that the protocol has accumulated and need not be updated when fees are withdrawn. However, I believe a more explicit function can be valuable to be more transparent regarding withdrawals. However, I will leave this issue open for escalation for debates because I can see it as arguably invalid as well, but I see no arguments for it being medium severity since there is an alternative to retrieve platform fees, assuming admins are trusted.
