search

sherlock-audit / 2023-07-perennial-judging

2 stars 1 forks source link

WATCHPUG - Protocol's fee is claimed by the factory, but there is no way to move tokens out. #143

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

WATCHPUG

high

Protocol's fee is claimed by the factory, but there is no way to move tokens out.

Summary

Vulnerability Detail

MarketFactory will claim the fees belongs to it but there is no way to move these funds out.

OracleFactory may have a similar issue. There should be a way to withdraw the surplus Oracle fee.

Impact

Code Snippet

https://github.com/sherlock-audit/2023-07-perennial/blob/main/perennial-v2/packages/perennial/contracts/MarketFactory.sol#L85-L90

https://github.com/sherlock-audit/2023-07-perennial/blob/main/perennial-v2/packages/perennial/contracts/Market.sol#L128-L151

https://github.com/sherlock-audit/2023-07-perennial/blob/main/perennial-v2/packages/perennial-oracle/contracts/OracleFactory.sol#L109-L114

Tool used

Manual Review

Recommendation

Duplicate of #52

sherlock-admin commented 1 year ago

2 comment(s) were left on this issue during the judging contest.

141345 commented:

d

darkart commented:

Valid point but horrible report