nikhilx0111 - incase of a malicious operartor no fee will be claimed #75
Comments
sherlock-admin3
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
sherlock-admin3
changed the title
nikhilx0111
High
incase of a malicious operartor no fee will be claimed
Summary
the claimfee function in market.sol claims any accrued fees, fees include: protocol, oracle, risk, donation, and claimable however the function is restricted to be only called by the operator this can be problematic since it is also mentioned in the documentation that there's a possibility of a malicious operator incase of a malicious operator no protocol, oracle, risk, donation, and claimable fee will be claimed
Root Cause
https://github.com/sherlock-audit/2024-08-perennial-v2-update-3/blob/main/perennial-v2/packages/perennial/contracts/Market.sol#L292
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
protocol wont be able to collect any fee
PoC
No response
Mitigation
allow both the owner and operator to collect accrued fees
The text was updated successfully, but these errors were encountered: