The RAACMinter.setFeeCollector function invokes RaacToken.setFeeCollector, which is restricted to the contract owner (onlyOwner). This implies that RAACMinter should be the owner of RaacToken. The same is true for other RAACMinter functions, such as setSwapTaxRate and setBurnTaxRate.
However, RAACMinter does not cover other owner-exclusive functions, such as manageWhitelist, setTaxRateIncrementLimit and setMinter, limiting its ability to manage RaacToken fully.
The issue gets worse when we realize that RAACToken can only have one owner and RAACMinter cannot delegate ownership to another address.
RAACMinter has a function to set feeCollector:
It calls the RaacToken function, which is restricted to onlyOwner:
But there is no function in RAACMinter to, for example, call setMinter in RAACToken as owner.
RAACMinter’s admin functions will revert due to insufficient access. Alternatively, if RAACMinter is considered the owner of RaacToken, it still cannot fully control it or set the necessary parameters as its owner.
vscode
Grant RAACMinter the necessary permissions in RaacToken by introducing a specific role (e.g., FEE_MANAGER_ROLE) instead of restricting access to onlyOwner.
OR
Add necessary functions to RAACToken (as owner of RaacToken)
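
A sketch of the first recommendation, added here as an illustration and not taken from the RAAC code base: a simplified stand-in for RaacToken that gates fee settings behind FEE_MANAGER_ROLE using OpenZeppelin's AccessControl. The contract name, state variables, events and the admin constructor parameter are assumptions, and ERC20 logic is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

// Added illustration: a simplified stand-in for RaacToken, not the project's contract.
// Only the access-control surface is modelled; token logic is omitted.
contract RoleGatedTokenSketch is AccessControl {
    // FEE_MANAGER_ROLE is the role name suggested in the recommendation.
    bytes32 public constant FEE_MANAGER_ROLE = keccak256("FEE_MANAGER_ROLE");

    // Hypothetical storage mirroring the settings named in the finding.
    address public feeCollector;
    address public minter;
    mapping(address => bool) public whitelisted;

    event FeeCollectorUpdated(address indexed collector);
    event MinterUpdated(address indexed newMinter);

    error ZeroAddress();

    constructor(address admin) {
        if (admin == address(0)) revert ZeroAddress();
        // The admin (for example a multisig) keeps the owner-level functions
        // and decides which contract holds FEE_MANAGER_ROLE.
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
    }

    // Fee settings: callable by the minter contract once the admin has run
    // grantRole(FEE_MANAGER_ROLE, <minter contract address>).
    function setFeeCollector(address collector) external onlyRole(FEE_MANAGER_ROLE) {
        feeCollector = collector;
        emit FeeCollectorUpdated(collector);
    }

    // The remaining admin functions stay reachable by the admin directly,
    // so they no longer depend on passthrough functions in the minter.
    function setMinter(address newMinter) external onlyRole(DEFAULT_ADMIN_ROLE) {
        if (newMinter == address(0)) revert ZeroAddress();
        minter = newMinter;
        emit MinterUpdated(newMinter);
    }

    function manageWhitelist(address account, bool add) external onlyRole(DEFAULT_ADMIN_ROLE) {
        whitelisted[account] = add;
    }
}
```

With this split, a call to setFeeCollector from an address without FEE_MANAGER_ROLE reverts, while setMinter and manageWhitelist remain available to the admin without the minter contract having to own the token.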