Owner of `LLMOracleCoordinator` Unintentionally Withdraws Accumulated Generators' and Validators' Fees in `withdrawPlatformFees`
Summary
In LLMOracleCoordinator, both generator and validator fees accumulate in the contract upon successful completion of each task or request. When the owner attempts to withdraw the protocol fee via withdrawPlatformFees, instead of withdrawing only the protocol fee, the entire accumulated amount, including generators' and validators' portions, is transferred.
Vulnerability Details
The owner of LLMOracleCoordinator is unable to withdraw only the accumulated protocol fee. The current setup inadvertently transfers the entire accumulated amount, including fees intended for generators and validators. While the owner is a trusted entity without malicious intent, the contract design does not allow the owner to withdraw only the protocol fee.
Impact
The unintended transfer of the total accumulated fee (including generator and validator portions) may occur instead of transferring only the protocol fee.
Tools Used
Manual review
Recommendations
add a state variable to count the protocol Fee Accumulated like protocolFeeAccumulated.
Add the following code in the withdrawPlatformFees function:
Lead Judging Commences
`withdrawPlatformFees` withdraws the entire balance
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.