OrderBook

First Flight #43
Beginner Friendly, Solidity
Submission Details
Impact: medium
Likelihood: low
Invalid

`withdrawFees` Can Brick When Balance < totalFees

Root + Impact

Description

`withdrawFees` transfers `totalFees` without comparing it to the actual USDC balance.

// Root cause in the codebase with @> marks to highlight the relevant section

Risk

Impact:

If the balance is lower (due to deflation, mistaken transfers, or future bugs), the call reverts forever, freezing all accrued fees and preventing state recovery.

Proof of Concept

Recommended Mitigation

Transfer `amount = min(totalFees, balance)` then decrement `totalFees` by `amount`; protect with `nonReentrant`.

- remove this code
+ add this code
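
The capped withdrawal described under Recommended Mitigation, written out as an added sketch; it is not code from the OrderBook codebase or from the submission. Only `withdrawFees`, `totalFees` and `nonReentrant` come from the page; `FeeVaultSketch`, `usdc`, `owner`, `locked`, `_accrueFee`, the `FeesWithdrawn` event and the inline lock (a stand-in for a library `nonReentrant`) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal token interface; the page names USDC but shows no contract code.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical fee vault illustrating the recommended change.
contract FeeVaultSketch {
    IERC20 public immutable usdc;
    address public immutable owner;
    uint256 public totalFees;    // fees the contract believes it has accrued
    uint256 private locked = 1;  // hand-rolled reentrancy lock (assumption)

    event FeesWithdrawn(address indexed to, uint256 paid, uint256 stillOwed);

    constructor(IERC20 _usdc) {
        usdc = _usdc;
        owner = msg.sender;
    }

    modifier nonReentrant() {
        require(locked == 1, "reentrant");
        locked = 2;
        _;
        locked = 1;
    }

    // Stand-in for the order-settlement path that accrues fees.
    function _accrueFee(uint256 fee) internal { totalFees += fee; }

    function withdrawFees(address to) external nonReentrant returns (uint256 amount) {
        require(msg.sender == owner, "not owner");
        require(to != address(0), "zero address");
        uint256 balance = usdc.balanceOf(address(this));
        // amount = min(totalFees, balance): never request more than is held.
        amount = totalFees < balance ? totalFees : balance;
        require(amount > 0, "nothing to withdraw");
        // Effects before interaction: decrement by what is actually paid,
        // so any shortfall stays recorded in totalFees instead of being zeroed.
        totalFees -= amount;
        require(usdc.transfer(to, amount), "transfer failed");
        emit FeesWithdrawn(to, amount, totalFees);
    }
}
```

The `stillOwed` field in the event makes a mismatch between accounting and balance visible off-chain instead of silently clearing it.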
Updates

Lead Judging Commences

yeahchibyke Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
