Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Valid

Owner can withdraw the whole balance of the feeToken

Summary

The owner can drain the whole feeToken balance of the coordinator by calling the withdrawPlatformFees function, including amounts that have already been credited to buyers/sellers but not yet pulled out.

The following function is part of the LLMOracleCoordinator contract. It can be called only by the owner, and it transfers the coordinator's entire feeToken balance to the owner:

function withdrawPlatformFees() public onlyOwner {
feeToken.transfer(owner(), feeToken.balanceOf(address(this)));
}

However, the following function is how the coordinator pays the seller/buyer: it only raises an ERC20 allowance on the coordinator's own balance, so the tokens stay inside the coordinator until the seller/buyer pulls them with transferFrom.

/// Increases the allowance by setting the approval to the sum of the current allowance and the additional amount.
/// @param spender spender address
/// @param amount additional amount of allowance
function _increaseAllowance(address spender, uint256 amount) internal {
feeToken.approve(spender, feeToken.allowance(address(this), spender) + amount);
}

Vulnerability Details

Because _increaseAllowance only approves and never moves tokens, the fees owed to buyers/sellers are still counted in feeToken.balanceOf(address(this)). If the owner invokes withdrawPlatformFees, that entire balance, platform fees and buyer/seller fees alike, is transferred to the owner. The buyer/seller still hold their allowance, but a subsequent transferFrom fails because the coordinator no longer has the balance to back it.

Impact

Fees already credited to buyers/sellers through allowances are lost to them: the owner receives those tokens, and the buyers'/sellers' later transferFrom calls fail for insufficient balance.

Tools Used

Manual review, Hardhat

Recommendations

Do not let the owner withdraw the whole balance. Account for the platform's own fees separately from the amounts owed to sellers/buyers (for example, an accumulator that is incremented each time a platform fee is charged), and have withdrawPlatformFees transfer only that accumulated amount, leaving the rest of the balance to back the outstanding allowances.
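The contrast described in the Vulnerability Details and the separate-accounting fix suggested above, as an added example (not the Swan/Dria code, and not something the judge or the submitter provided). It reproduces only the two functions quoted in this finding; the minimal IERC20 interface, the Owned base and the `_onRequestPaid` hook with its `platformFee`/`sellerFee` parameters are assumed stand-ins for wherever the real coordinator receives and splits a payment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. Assumptions: the coordinator holds
// fees in an ERC20 `feeToken`, pays sellers/buyers by raising an allowance
// (as the finding's `_increaseAllowance` shows), and has a single owner.
// `_onRequestPaid`, `platformFee` and `sellerFee` are hypothetical names.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
    function balanceOf(address account) external view returns (uint256);
}

abstract contract Owned {
    address public owner;
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    constructor() { owner = msg.sender; }
}

/// Vulnerable shape (as in the finding): the only bookkeeping is the token
/// balance, so the owner's withdrawal also takes amounts that were already
/// approved to a seller/buyer but not yet pulled with transferFrom.
contract CoordinatorVulnerable is Owned {
    IERC20 public immutable feeToken;

    constructor(IERC20 token) { feeToken = token; }

    function _increaseAllowance(address spender, uint256 amount) internal {
        feeToken.approve(spender, feeToken.allowance(address(this), spender) + amount);
    }

    function withdrawPlatformFees() public onlyOwner {
        // balanceOf(this) includes every still-unclaimed seller/buyer allowance
        feeToken.transfer(owner, feeToken.balanceOf(address(this)));
    }
}

/// Hardened shape: the platform's share is recorded in its own counter at
/// the moment a payment is split, and withdrawPlatformFees moves only that
/// counter. Whatever remains in the balance backs the outstanding allowances.
contract CoordinatorFixed is Owned {
    IERC20 public immutable feeToken;
    uint256 public platformFees; // owed to the platform, nothing else

    constructor(IERC20 token) { feeToken = token; }

    /// Hypothetical hook: called after `platformFee + sellerFee` tokens have
    /// been received for a request. Only the platform's part is credited to
    /// the owner-withdrawable counter.
    function _onRequestPaid(address seller, uint256 platformFee, uint256 sellerFee) internal {
        platformFees += platformFee;
        _increaseAllowance(seller, sellerFee);
    }

    function _increaseAllowance(address spender, uint256 amount) internal {
        feeToken.approve(spender, feeToken.allowance(address(this), spender) + amount);
    }

    function withdrawPlatformFees() public onlyOwner {
        uint256 amount = platformFees;
        platformFees = 0; // effects before the external call
        require(feeToken.transfer(owner, amount), "transfer failed");
    }
}
```

A Hardhat test for the fixed version should assert, after the owner calls withdrawPlatformFees, that every previously granted allowance can still be pulled with transferFrom, i.e. that feeToken.balanceOf(coordinator) is never less than the sum of outstanding seller/buyer allowances; the same test against CoordinatorVulnerable shows the transferFrom failing.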

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`withdrawPlatformFees` withdraws the entire balance
