RAACToken - Incomplete token burn when fee collector is not set
Summary
The burn function in RAACToken fails to handle the full burn amount when a burn tax is set but no fee collector is configured. This results in only a partial burn of tokens, with the tax amount remaining in the user's wallet.
Vulnerability Details
When a user calls the burn function:
The function calculates a tax amount based on
burnTaxRateIt burns
(amount - taxAmount)tokensIf
feeCollectoris not set (address(0)), the tax portion is neither burned nor transferredThis leaves the tax portion of tokens in the user's wallet, contrary to the burn intention
Impact
Users attempting to burn tokens when no fee collector is set will have fewer tokens burned than requested.
This affects both direct users and integrated protocols that might account for the full burn amount in their calculations, potentially leading to accounting mismatches and economic model discrepancies. It breaks the ERC20 standard.
Tools Used
Manual Review
Recommendations
Modify the burn function to handle the full amount when no fee collector is set:
Lead Judging Commences
RAACToken::burn incorrectly deducts tax amount but doesn't burn or transfer it when feeCollector is address(0), preventing complete token burns
RAACToken::burn incorrectly deducts tax amount but doesn't burn or transfer it when feeCollector is address(0), preventing complete token burns
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.