You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
incase of a malicious operartor no fee will be claimed
Summary
the claimfee function in market.sol claims any accrued fees, fees include: protocol, oracle, risk, donation, and claimable however the function is restricted to be only called by the operator this can be problematic since it is also mentioned in the documentation that there's a possibility of a malicious operator incase of a malicious operator no protocol, oracle, risk, donation, and claimable fee will be claimed
allow both the owner and operator to collect accrued fees
The text was updated successfully, but these errors were encountered:
sherlock-admin3
changed the title
Brave Crimson Yak - incase of a malicious operartor no fee will be claimed
nikhilx0111 - incase of a malicious operartor no fee will be claimed
Sep 23, 2024
nikhilx0111
High
incase of a malicious operartor no fee will be claimed
Summary
the claimfee function in market.sol claims any accrued fees, fees include: protocol, oracle, risk, donation, and claimable however the function is restricted to be only called by the operator this can be problematic since it is also mentioned in the documentation that there's a possibility of a malicious operator incase of a malicious operator no protocol, oracle, risk, donation, and claimable fee will be claimed
Root Cause
https://github.com/sherlock-audit/2024-08-perennial-v2-update-3/blob/main/perennial-v2/packages/perennial/contracts/Market.sol#L292
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
protocol wont be able to collect any fee
PoC
No response
Mitigation
allow both the owner and operator to collect accrued fees
The text was updated successfully, but these errors were encountered: