Dria

Swan
21,000 USDC
Submission Details
Severity: medium
Valid

Unauthorized Withdrawal of Oracle Funds via withdrawPlatformFees Function

Summary

The withdrawPlatformFees function in the Swan protocol's smart contract lets the contract owner transfer the contract's entire feeToken balance to the owner address. That balance is not only accrued platform fees: it also holds the stakes deposited by oracles and any rewards not yet paid out. Even with a trusted owner, sweeping the whole balance is a design flaw, because a single call (whether by mistake or by an attacker holding a compromised owner key) drains the funds oracles depend on and disrupts the protocol's operation.

Vulnerability Details

Contract Involved:

  • LLMOracleRegistry (Assumed based on context)

Function Under Scrutiny:

function withdrawPlatformFees() public onlyOwner {
    feeToken.transfer(owner(), feeToken.balanceOf(address(this)));
}

Issue Description:

  • Unrestricted Withdrawal:

    • The withdrawPlatformFees function allows the contract owner to withdraw all feeToken held by the contract.

    • This includes funds allocated for oracle staking and pending rewards, not just platform fees.

  • Lack of Fund Segregation:

    • The contract keeps no accounting that separates platform fees from oracle stakes and pending rewards; the only quantity it consults is its total feeToken balance.

    • Because the only withdrawal path sweeps that whole balance, fees cannot be withdrawn without also removing the funds oracles need to unregister and to be paid.

  • Risk of Accidental Withdrawal:

    • Even with a trusted owner, human error could lead to accidental withdrawal of essential funds meant for oracles.

  • Potential Key Compromise:

    • If the owner's private key is compromised, an attacker could maliciously withdraw all funds from the contract.

Impact

Severity: High

Potential Consequences:

  1. Operational Disruption:

    • Oracle Payments Halted: Oracles deposit a stake to participate and earn rewards that are paid out of the same contract balance. Once that balance is swept, stake refunds and reward payouts fail, so oracles can neither exit cleanly nor be paid, and the protocol stops functioning.

  2. Financial Loss:

    • Users Lose Staked Funds: Oracles and any other parties whose tokens are held by the contract lose access to them, with no on-chain path to recover the amount swept.

  3. Reputational Damage:

    • Negative Perception: The protocol's reputation may suffer, affecting future collaborations, integrations, and user base growth.

Tools Used

Manual review

Recommendations

Implement Proper Fund Segregation:

  • Separate Accounting for Platform Fees and Oracle Funds:

    • Introduce distinct state variables to track platform fees and oracle-related funds separately.

// Every feeToken that enters the contract must be credited to exactly one of
// these two counters, so that platformFeeBalance + oracleFundsBalance always
// equals feeToken.balanceOf(address(this)).
uint256 public platformFeeBalance;
uint256 public oracleFundsBalance;

event PlatformFeesWithdrawn(address indexed to, uint256 amount);

// Credit an incoming protocol fee to the owner-withdrawable bucket.
function collectPlatformFee(uint256 feeAmount) internal {
    platformFeeBalance += feeAmount;
}

// Credit an oracle stake or reward to the bucket the owner cannot touch.
function allocateOracleFunds(uint256 amount) internal {
    oracleFundsBalance += amount;
}

// Modified withdrawPlatformFees: releases only the fee bucket, never the
// oracle bucket. The balance is zeroed before the transfer, and the ERC-20
// return value is checked so a silent transfer failure cannot go unnoticed.
function withdrawPlatformFees() public onlyOwner {
    uint256 amount = platformFeeBalance;
    require(amount > 0, "No platform fees to withdraw");
    platformFeeBalance = 0;
    require(feeToken.transfer(owner(), amount), "Fee transfer failed");
    emit PlatformFeesWithdrawn(owner(), amount);
}

Benefits:

  • Protects Oracle Funds: Ensures that only platform fees are withdrawable by the owner, leaving oracle funds intact.

  • Prevents Accidental Withdrawals: Reduces the risk of accidentally draining funds meant for oracles.

  • Enhances Security: Limits the scope of withdrawals, minimizing potential damage from key compromises.
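The following Foundry test is an added example and not code from the Swan or Dria repositories. It uses a deliberately simplified, assumed registry (ToyOracleRegistry, with register/unregister/payFee and a hypothetical stakeAmount) and a constructed mock token, so that the vulnerable sweep and a segregated-accounting fix can be compared side by side: the unsafe variant strands a registered oracle's stake, the hardened variant withdraws only the fee bucket and leaves the stake recoverable.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed stand-in for feeToken: just enough ERC-20 to move balances.
contract MockFeeToken {
    mapping(address => uint256) public balanceOf;
    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function transfer(address to, uint256 amount) external returns (bool) {
        require(balanceOf[msg.sender] >= amount, "insufficient");
        balanceOf[msg.sender] -= amount; balanceOf[to] += amount; return true;
    }
    // Allowance checks omitted on purpose; this mock exists only for the test.
    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        require(balanceOf[from] >= amount, "insufficient");
        balanceOf[from] -= amount; balanceOf[to] += amount; return true;
    }
}

// Assumed, simplified registry (not the real LLMOracleRegistry): oracles stake
// a fixed amount to register and get it back on unregister; users pay fees in.
contract ToyOracleRegistry {
    MockFeeToken public immutable feeToken;
    address public immutable owner;
    uint256 public immutable stakeAmount;
    uint256 public totalStaked;   // sum of all outstanding oracle stakes
    uint256 public platformFees;  // the only bucket the owner is entitled to
    mapping(address => uint256) public stakes;

    constructor(MockFeeToken t, uint256 s) { feeToken = t; stakeAmount = s; owner = msg.sender; }
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    function register() external {
        require(stakes[msg.sender] == 0, "registered");
        stakes[msg.sender] = stakeAmount; totalStaked += stakeAmount;
        require(feeToken.transferFrom(msg.sender, address(this), stakeAmount), "transfer failed");
    }
    function unregister() external {
        uint256 s = stakes[msg.sender]; require(s > 0, "not registered");
        stakes[msg.sender] = 0; totalStaked -= s;
        require(feeToken.transfer(msg.sender, s), "transfer failed");
    }
    function payFee(uint256 amount) external {
        platformFees += amount;
        require(feeToken.transferFrom(msg.sender, address(this), amount), "transfer failed");
    }

    // Vulnerable pattern from the finding: sweeps stakes together with fees.
    function withdrawPlatformFeesUnsafe() external onlyOwner {
        feeToken.transfer(owner, feeToken.balanceOf(address(this)));
    }
    // Hardened: release only the fee bucket and check the stake invariant.
    function withdrawPlatformFees() external onlyOwner {
        uint256 amount = platformFees;
        require(amount > 0, "nothing to withdraw");
        platformFees = 0;
        require(feeToken.transfer(owner, amount), "transfer failed");
        assert(feeToken.balanceOf(address(this)) >= totalStaked);
    }
}

contract WithdrawPlatformFeesTest is Test {
    MockFeeToken token;
    ToyOracleRegistry reg;          // deployed by this contract, so the test is the owner
    address oracle = makeAddr("oracle");
    address user = makeAddr("user");

    function setUp() public {
        token = new MockFeeToken();
        reg = new ToyOracleRegistry(token, 100 ether);
        token.mint(oracle, 100 ether); token.mint(user, 5 ether);
        vm.prank(oracle); reg.register();   // 100 staked
        vm.prank(user); reg.payFee(5 ether); // 5 in fees; contract holds 105
    }

    function test_unsafeSweepStrandsOracleStake() public {
        reg.withdrawPlatformFeesUnsafe();            // owner takes all 105 tokens
        assertEq(token.balanceOf(address(reg)), 0);
        vm.prank(oracle);
        vm.expectRevert(bytes("insufficient"));     // stake refund can no longer be paid
        reg.unregister();
    }

    function test_hardenedWithdrawLeavesStakeIntact() public {
        reg.withdrawPlatformFees();                  // owner takes only the 5 in fees
        assertEq(token.balanceOf(address(this)), 5 ether);
        assertEq(token.balanceOf(address(reg)), 100 ether);
        vm.prank(oracle); reg.unregister();          // oracle recovers its full stake
        assertEq(token.balanceOf(oracle), 100 ether);
    }
}
```

Run with `forge test --match-contract WithdrawPlatformFeesTest -vv`. The assert in the hardened function is a cheap production-side guard for the invariant the recommendation relies on (tokens owed to oracles never leave through the fee path); in a real audit PoC the mock token and toy registry would be replaced by the protocol's actual feeToken and LLMOracleRegistry deployments.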

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`withdrawPlatformFees` withdraws the entire balance
