Skip to content
This repository has been archived by the owner on Feb 18, 2024. It is now read-only.

WATCHPUG - Protocol's fee is claimed by the factory, but there is no way to move tokens out. #143

Closed
sherlock-admin opened this issue Aug 15, 2023 · 1 comment
Closed

WATCHPUG - Protocol's fee is claimed by the factory, but there is no way to move tokens out. #143

sherlock-admin opened this issue Aug 15, 2023 · 1 comment
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented Aug 15, 2023
edited by sherlock-admin2
Loading

WATCHPUG

high

Protocol's fee is claimed by the factory, but there is no way to move tokens out.

Summary

Vulnerability Detail

MarketFactory will claim the fees belongs to it but there is no way to move these funds out.

OracleFactory may have a similar issue. There should be a way to withdraw the surplus Oracle fee.

Impact

Code Snippet

https://github.com/sherlock-audit/2023-07-perennial/blob/main/perennial-v2/packages/perennial/contracts/MarketFactory.sol#L85-L90

https://github.com/sherlock-audit/2023-07-perennial/blob/main/perennial-v2/packages/perennial/contracts/Market.sol#L128-L151

https://github.com/sherlock-audit/2023-07-perennial/blob/main/perennial-v2/packages/perennial-oracle/contracts/OracleFactory.sol#L109-L114

Tool used

Manual Review

Recommendation

Duplicate of #52
@github-actions github-actions bot added High A valid High severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Aug 18, 2023
@sherlock-admin
Copy link
Contributor Author

2 comment(s) were left on this issue during the judging contest.

141345 commented:

d

darkart commented:

Valid point but horrible report

@sherlock-admin2 sherlock-admin2 changed the title Happy Mocha Worm - Protocol's fee is claimed by the factory, but there is no way to move tokens out. WATCHPUG - Protocol's fee is claimed by the factory, but there is no way to move tokens out. Aug 23, 2023
@sherlock-admin2 sherlock-admin2 added Medium A valid Medium severity issue Reward A payout will be made for this issue and removed High A valid High severity issue labels Aug 23, 2023
@hrishibhat hrishibhat added High A valid High severity issue and removed Medium A valid Medium severity issue labels Sep 9, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hrishibhat @sherlock-admin @sherlock-admin2