Dria

Swan
NFTHardhat
21,000 USDC
Submission Details
Severity: medium
Valid

LLMOracleCoordinator::Owner can steal all unpaid validator and generator fees via LLMOracleCoordinator::withdrawPlatformFees

Summary

The function LLMOracleCoordinator::withdrawPlatformFees transfers the entire feeToken balance held by the LLMOracleCoordinator contract to the owner, not just the accumulated platform fees. That balance also contains the generator and validator rewards that are escrowed for requests not yet fulfilled.

Vulnerability Details

```solidity
function withdrawPlatformFees() public onlyOwner {
    // Sweeps the whole balance, including escrowed generator/validator fees
    feeToken.transfer(owner(), feeToken.balanceOf(address(this)));
}
```

The issue is that part of the tokens held by the contract are fees meant to serve as incentives for the generators and validators, and the owner can take everything.
It is also important to note that even a non-malicious owner cannot withdraw the actual platform fees without taking these incentives along with them. The contract is not pausable either, so it is not possible to stop new requests from being created until all current ones have been fulfilled and then withdraw the fees safely.

Impact

The protocol cannot withdraw its platform fees without also taking the generator and validator incentives, and a malicious owner can drain all unpaid rewards.

Tools Used

Manual analysis

Recommendations

Track the accumulated platformFees in a storage variable, incremented whenever a request's platform share is received, and let the owner withdraw at most that amount (resetting it to zero on withdrawal) rather than the contract's whole balance.
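The following contract sketch is an added example, not code from the Dria/Swan repository. It places the balance-sweeping withdrawal from the Vulnerability Details section beside the accumulator-based version proposed above. The fee split (`platformShare`), the `request`/`fulfill` flow and the `pendingRewards` mapping are hypothetical simplifications of the real LLMOracleCoordinator; only the `withdrawPlatformFees` pattern itself comes from the finding. OpenZeppelin v5 (`Ownable(initialOwner)`, `SafeERC20`) is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

/// Hypothetical coordinator sketch (not the real LLMOracleCoordinator).
/// It shows why the owner's withdrawal must be bounded by a tracked
/// accumulator instead of the contract's token balance.
contract FeeAccountingSketch is Ownable {
    using SafeERC20 for IERC20;

    IERC20 public immutable feeToken;

    /// Only this much of the balance belongs to the platform/owner.
    uint256 public platformFees;

    /// Everything else in the balance is escrowed for workers
    /// (generators and validators) until they are paid out.
    mapping(address => uint256) public pendingRewards;

    constructor(IERC20 _feeToken) Ownable(msg.sender) {
        feeToken = _feeToken;
    }

    /// Requester pays `amount`; `platformShare` is credited to the platform,
    /// the remainder stays in the contract as future worker incentives.
    /// (Hypothetical split: the real contract computes its own fee breakdown.)
    function request(uint256 amount, uint256 platformShare) external {
        require(platformShare <= amount, "platform share exceeds amount");
        feeToken.safeTransferFrom(msg.sender, address(this), amount);
        platformFees += platformShare;
    }

    /// Hypothetical fulfilment hook: assigns escrowed incentives to a worker.
    /// Access control is omitted here because it is not the point of the sketch.
    function creditWorker(address worker, uint256 reward) external {
        require(reward <= escrowedForWorkers(), "reward exceeds escrow");
        pendingRewards[worker] += reward;
    }

    /// Worker pulls the rewards credited to it.
    function claimRewards() external {
        uint256 reward = pendingRewards[msg.sender];
        pendingRewards[msg.sender] = 0;
        feeToken.safeTransfer(msg.sender, reward);
    }

    /// Portion of the balance that the owner must never be able to touch.
    function escrowedForWorkers() public view returns (uint256) {
        return feeToken.balanceOf(address(this)) - platformFees;
    }

    /// BEFORE (pattern from the finding): sweeps the whole balance, so the
    /// escrowed worker incentives leave with the platform fees.
    function withdrawPlatformFeesUnsafe() external onlyOwner {
        feeToken.safeTransfer(owner(), feeToken.balanceOf(address(this)));
    }

    /// AFTER (recommended): bounded by the accumulator, which is zeroed
    /// before the transfer so a re-entrant token cannot double-withdraw.
    function withdrawPlatformFees() external onlyOwner {
        uint256 amount = platformFees;
        platformFees = 0;
        feeToken.safeTransfer(owner(), amount);
    }
}
```

The invariant a reviewer can check against either version is `feeToken.balanceOf(address(this)) >= platformFees + sum(pendingRewards)`: the unsafe withdrawal breaks it as soon as any request is outstanding, while the accumulator-based one preserves it because the owner's transfer only ever consumes the `platformFees` portion.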

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`withdrawPlatformFees` withdraws the entire balance
