Swan allocates fees to different actors by increasing the allowance those actors hold on the fee token balance of the Swan contracts. Each actor then has to separately call transferFrom() to move its fee from the Swan contract to an address it controls.
However, there is a privileged function, withdrawPlatformFees(), with which the owner of the contract can withdraw the entire fee token balance of the contract. That balance holds the platform fee together with every other fee that has been allocated but not yet withdrawn by the other actors, so the owner can take fee token balance that belongs to those actors.
This onlyOwner function withdraws the whole fee token balance. Even though the comment says it withdraws the entire fee from the contract, it is still a bug, since it effectively denies the actors the fee they were promised: their allowance stays in place, but the balance backing it is gone, so their later transferFrom() call fails.
Here are the instances where the allowance is increased whenever a fee is allocated to an actor:
LLMOracleCoordinator.sol#L369
LLMOracleCoordinator.sol#L234
LLMOracleCoordinator.sol#L348
High. Fees can be stolen by the owner, which disincentivizes the actors from trusting the entire system.
Manual review.
Keep track of the platform fee separately and let withdrawPlatformFees() withdraw just that amount, leaving the balance that backs the actors' allowances untouched.
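The following is an added illustration of the pattern described in this finding and of the recommended fix; it is not the Swan or LLMOracleCoordinator source. The contract name FeePool, the storage variable platformFees, the helpers _allocateToActor() and _allocateToPlatform(), and the function withdrawAllFees_vulnerable() are all hypothetical. Actor fees are granted as allowances on the pool's own token balance, exactly as the report describes, and the two withdraw functions show the sweep-everything behaviour beside the version that only pays out the tracked platform share.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed by this example (constructed for illustration).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
}

/// Hypothetical fee pool, not the Swan contracts.
/// Actor fees are promised as allowances on this contract's token balance;
/// actors later pull them with feeToken.transferFrom(address(this), to, amount).
contract FeePool {
    IERC20 public immutable feeToken;
    address public owner;
    uint256 public platformFees; // platform's share, the only amount the owner may take

    constructor(IERC20 token) {
        feeToken = token;
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    /// Allocate `amount` to `actor` by raising its allowance on the pool's balance.
    /// The tokens stay in the pool until the actor calls transferFrom().
    function _allocateToActor(address actor, uint256 amount) internal {
        uint256 current = feeToken.allowance(address(this), actor);
        require(feeToken.approve(actor, current + amount), "approve failed");
    }

    /// Record the platform's share without moving any tokens.
    function _allocateToPlatform(uint256 amount) internal {
        platformFees += amount;
    }

    /// VULNERABLE pattern: sweeps the whole balance. Tokens already promised to
    /// actors via allowance leave with it, so their later transferFrom() reverts
    /// for insufficient balance even though the allowance is still set.
    function withdrawAllFees_vulnerable() external onlyOwner {
        uint256 balance = feeToken.balanceOf(address(this));
        require(feeToken.transfer(owner, balance), "transfer failed");
    }

    /// FIXED: pay out only the tracked platform share. The remaining balance
    /// continues to back the actors' outstanding allowances.
    function withdrawPlatformFees() external onlyOwner {
        uint256 amount = platformFees;
        platformFees = 0; // zero before the external call
        require(feeToken.transfer(owner, amount), "transfer failed");
    }
}
```

A useful check when reviewing this kind of design is the invariant that the pool's token balance is always at least platformFees plus the sum of all outstanding actor allowances; withdrawAllFees_vulnerable() breaks it on the first call, while withdrawPlatformFees() preserves it because it never transfers more than the amount the platform itself accrued.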