search

sherlock-audit / 2023-09-perennial-judging

0 stars 0 forks source link

twcctop - Protocol fee can still be locked #28

Closed sherlock-admin closed 11 months ago

sherlock-admin commented 11 months ago

twcctop

high

Protocol fee can still be locked

Summary

Protocol fee can still be locked, it seems that the issue doesn't get fixed in this codespace.

Vulnerability Detail

The previous contest issue Protocol fee from Market.sol is locked
https://github.com/sherlock-audit/2023-07-perennial-judging/issues/52 seems still exist in this contest codebase.

    function _claimFee(address receiver, UFixed6 fee) private returns (bool) {
        if (msg.sender != receiver) return false;

        token.push(receiver, UFixed18Lib.from(fee));
        emit FeeClaimed(receiver, fee);
        return true;
    }

Nothing changes in function _claimfee and the issue still exist

Impact

Protocol fees cannot be withdrawn

Code Snippet

https://github.com/sherlock-audit/2023-09-perennial/blob/main/perennial-v2/packages/perennial/contracts/Market.sol#L145-L151

Tool used

Manual Review

Recommendation

It's mentioned in previous contest . https://github.com/sherlock-audit/2023-07-perennial-judging/issues/52

sherlock-admin commented 11 months ago

3 comment(s) were left on this issue during the judging contest.

panprog commented:

invalid because claimFee now sends fee to factory owner instead of factory itself

n33k commented:

invalid, fixed in https://github.com/equilibria-xyz/perennial-v2/pull/79

polarzero commented:

See #007.