Dria

Swan
NFTHardhat
21,000 USDC
Submission Details
Severity: medium
Valid

Validators may not be able to withdraw their fees

Summary

The protocol increases the fee-token allowance granted to validators so they can later withdraw their fee. However, when the oracle coordinator owner wishes to withdraw the platform fees, the withdrawal sends the contract's whole token balance, including the fees still owed to validators.

Vulnerability Details

The protocol lets users register oracles of two kinds: validator and generator. Once registered, they can start validating requests. If a validator's score is within the range of the group, its fee-token allowance is increased via

```solidity
// Called per validator once the task is finalized (protocol code as quoted in the report)
_increaseAllowance(validations[taskId][v_i].validator, task.validatorFee);
...
// Grants the validator a pull-based claim: the fee is not transferred, only approved
function _increaseAllowance(address spender, uint256 amount) internal {
    feeToken.approve(spender, feeToken.allowance(address(this), spender) + amount);
}
```

This lets the oracle withdraw his fee from the contract at anytime.

The problem is the withdrawPlatformFees function which lets the owner withdraw his fees.

```solidity
// Owner withdrawal: transfers the entire token balance, with no deduction for unclaimed validator fees
function withdrawPlatformFees() public onlyOwner {
    feeToken.transfer(owner(), feeToken.balanceOf(address(this)));
}
```

When the owner withdraws, he receives the whole balance of the contract. If a validator has NOT yet pulled its fee via the allowance when the owner withdraws, the tokens backing that allowance are gone and the validator is left without its reward (its `transferFrom` would revert for lack of balance).

Impact

Loss of funds for validators

Tools Used

Manual Review

Recommendations

Since the protocol would not be working with any weird ERC20s, the fee could be sent directly to the validator instead of increasing its allowance.
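The following is an added illustration written for this report, not code from the Swan/Dria repository. It places the vulnerable pattern described above (pull-based allowances plus a full-balance sweep) next to a hardened version, and goes slightly beyond the recommendation: besides paying validators directly, it shows an accounting alternative that keeps pull-based claims but caps the owner's withdrawal at the surplus above what validators are owed. The contract names, `payValidator`, `claimFees`, `owed` and `totalOwedToValidators` are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC20 surface used below (assumes a standard, bool-returning token,
// matching the report's note that no "weird" ERC20s are in scope).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
    function balanceOf(address account) external view returns (uint256);
}

// Vulnerable pattern (mirrors the report): validator fees exist only as allowances,
// while the owner sweeps the full balance that backs those allowances.
contract FeesVulnerable {
    IERC20 public immutable feeToken;
    address public owner;

    constructor(IERC20 token) { feeToken = token; owner = msg.sender; }
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    function _increaseAllowance(address spender, uint256 amount) internal {
        feeToken.approve(spender, feeToken.allowance(address(this), spender) + amount);
    }

    // Hypothetical entry point standing in for the task-finalization path
    function payValidator(address validator, uint256 fee) external onlyOwner {
        _increaseAllowance(validator, fee); // validator must later call transferFrom
    }

    function withdrawPlatformFees() external onlyOwner {
        // Sweeps everything: any allowance not yet pulled becomes unbacked.
        feeToken.transfer(owner, feeToken.balanceOf(address(this)));
    }
}

// Hardened pattern: either pay validators immediately (the report's recommendation),
// or record what is owed and let the owner withdraw only the surplus above it.
contract FeesHardened {
    IERC20 public immutable feeToken;
    address public owner;
    mapping(address => uint256) public owed;     // per-validator unclaimed fees
    uint256 public totalOwedToValidators;        // sum of `owed`, reserved from sweeps

    constructor(IERC20 token) { feeToken = token; owner = msg.sender; }
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    // Option A (recommendation): push the fee straight to the validator.
    function payValidatorDirect(address validator, uint256 fee) external onlyOwner {
        require(feeToken.transfer(validator, fee), "transfer failed");
    }

    // Option B: keep pull-based claims, but account for them.
    function payValidator(address validator, uint256 fee) external onlyOwner {
        owed[validator] += fee;
        totalOwedToValidators += fee;
    }

    function claimFees() external {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");
        owed[msg.sender] = 0;                    // effects before interaction
        totalOwedToValidators -= amount;
        require(feeToken.transfer(msg.sender, amount), "transfer failed");
    }

    function withdrawPlatformFees() external onlyOwner {
        uint256 balance = feeToken.balanceOf(address(this));
        // Reverts on underflow in 0.8+, i.e. the owner can never dip into validator fees.
        uint256 platformShare = balance - totalOwedToValidators;
        require(feeToken.transfer(owner, platformShare), "transfer failed");
    }
}
```

The key invariant the hardened contract maintains is `balanceOf(this) >= totalOwedToValidators` at all times; a test that funds the contract, calls `payValidator`, then `withdrawPlatformFees`, and finally `claimFees` from the validator should pass against `FeesHardened` and fail at the `claimFees` step against `FeesVulnerable`.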

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`withdrawPlatformFees` withdraws the entire balance
