twcctop - Protocol fee can still be locked

[sherlock-admin]

twcctop

high

Protocol fee can still be locked

Summary

Protocol fee can still be locked, it seems that the issue doesn't get fixed in this codespace.

Vulnerability Detail

The previous contest issue Protocol fee from Market.sol is locked
sherlock-audit/2023-07-perennial-judging#52
seems still exist in this contest codebase.

    function _claimFee(address receiver, UFixed6 fee) private returns (bool) {
        if (msg.sender != receiver) return false;

        token.push(receiver, UFixed18Lib.from(fee));
        emit FeeClaimed(receiver, fee);
        return true;
    }

Nothing changes in function _claimfee and the issue still exist

Impact

Protocol fees cannot be withdrawn

Code Snippet

https://github.com/sherlock-audit/2023-09-perennial/blob/main/perennial-v2/packages/perennial/contracts/Market.sol#L145-L151

Tool used

Manual Review

Recommendation

It's mentioned in previous contest .
sherlock-audit/2023-07-perennial-judging#52

[sherlock-admin]

3 comment(s) were left on this issue during the judging contest.

panprog commented:

invalid because claimFee now sends fee to factory owner instead of factory itself

n33k commented:

invalid, fixed in equilibria-xyz/perennial-v2#79

polarzero commented:

See #7.