Dria

Description

When making a platform fee withdraw in LLMOracleCoordinator::withdrawPlatformFees, the owner takes all the available balance of the fee token in a contract at that moment.

A problem arises since validators' and generators' fees are not directly sent to them but just approved.

Meaning their fees are still part of the contract's total token balance hence by transferring the total balance all the still pending, non-transferred but approved generator and validator fees will be sent to the owner.

Their may still be pending requests whose validators and generators need fees but lets make an assumption that the owner will ensure that all requests are completed.

Here is a scenario:

1. BuyerAgent makes a request to the LLMOracleCoordinator contract and sends the totalFees to it.

2. Generators respond to the requests and after the number of generators reach the minimum required, validators also validate the responses.

3. After validation, the validator and generator fees are approved but they haven`t yet processed the transfers.

4. The owner sees that all requests have been completed and decide to withdraw the platform fees in LLMOracleCoordinator::withdrawPlatformFees.

• https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/llm/LLMOracleCoordinator.sol#L375C5-L377C6
  Since the validators and generators of the last requests haven`t transferred their amounts, the withdraw will send all their fees to the owner hence them losing their fees.

Impact

Loss of validator and generator fees.

Recommendation

Consider checking and subtracting allowances before withdrawing the available fees.