Lost protocol fees due to incompatible fee collection design
Vulnerability Details
The protocol's fee collection system is fundamentally broken due to incompatible fee-handling mechanisms. The RAACToken sends fees directly to the FeeCollector:
However, the FeeCollector's distribution logic relies on an internal accounting system that is only updated through the collectFee() function, which is never called:
Since the tokens sent from RAACToken bypass the collectFee() function, _calculateTotalFees() will always return zero, despite the contract having a non-zero token balance.
Impact
All collected fees are effectively locked in the
FeeCollectorcontractFee distribution mechanism is completely non-functional
Protocol's revenue distribution system is entirely broken
Tools Used
Manual Review
Recommendations
Redesign the fee distribution system in FeeCollector to work with actual token balances instead of internal accounting.
Lead Judging Commences
RAACToken::burn sends tax directly to FeeCollector without using collectFee(), causing tokens to bypass accounting and remain undistributed. `collectFee` is not used anywhere.
RAACToken::burn sends tax directly to FeeCollector without using collectFee(), causing tokens to bypass accounting and remain undistributed. `collectFee` is not used anywhere.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.