Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Incorrect Basis Points Calculation for Swap Tax and NFT Royalties in FeeCollector.sol Contract

bbash

Summary

The FeeCollector contract initializes fee distribution parameters using basis points (10000 = 100%). However, the swapTaxes (feeTypes[6]) and nftRoyalties (feeTypes[7]) are incorrectly set to 2000 basis points (20%) instead of 200 basis points (2%). This results in an excessive fee distribution, potentially leading to higher than intended deductions from transactions.

Vulnerability Details

In the constructor of the FeeCollector.sol contract, this is the constructor:

constructor(
address _raacToken,
address _veRAACToken,
address _treasury,
address _repairFund,
address _admin
) {
...
//logic
...
// Initialize fee types with protocol rules
_initializeFeeTypes();
}

This internally calls the _initializeFeeTypes function at: https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/core/collectors/FeeCollector.sol#L330-L394

function _initializeFeeTypes() internal {
// Protocol Fees: 80% to veRAAC holders, 20% to treasury
feeTypes[0] = FeeType({
veRAACShare: 8000, // 80%
burnShare: 0,
repairShare: 0,
treasuryShare: 2000 // 20%
});
// Lending Fees: Interest income distribution
feeTypes[1] = FeeType({
veRAACShare: 7000, // 70%
burnShare: 0,
repairShare: 0,
treasuryShare: 3000 // 30%
});
// Performance Fees: 20% from yield products
feeTypes[2] = FeeType({
veRAACShare: 6000, // 60%
burnShare: 0,
repairShare: 0,
treasuryShare: 4000 // 40%
});
// Insurance Fees: 3% from NFT loans
feeTypes[3] = FeeType({
veRAACShare: 5000, // 50%
burnShare: 0,
repairShare: 2000, // 20%
treasuryShare: 3000 // 30%
});
// Mint/Redeem Fees
feeTypes[4] = FeeType({
veRAACShare: 6000, // 60%
burnShare: 0,
repairShare: 2000, // 20%
treasuryShare: 2000 // 20%
});
// Vault Fees
feeTypes[5] = FeeType({
veRAACShare: 7000, // 70%
burnShare: 0,
repairShare: 0,
treasuryShare: 3000 // 30%
});
// Buy/Sell Swap Tax (2% total)
feeTypes[6] = FeeType({
veRAACShare: 500, // 0.5%
burnShare: 500, // 0.5%
repairShare: 1000, // 1.0%
treasuryShare: 0
});
// NFT Royalty Fees (2% total)
feeTypes[7] = FeeType({
veRAACShare: 500, // 0.5%
burnShare: 0,
repairShare: 1000, // 1.0%
treasuryShare: 500 // 0.5%
});
}

The _initializeFeeTypes() function defines different fee types with their respective allocations.
Swap Tax (feeTypes[6]) should sum up to 2% (200 basis points) but is set to 20% (2000 basis points):

feeTypes[6] = FeeType({
veRAACShare: 500, // 0.5%
burnShare: 500, // 0.5%
repairShare: 1000, // 1.0%
treasuryShare: 0
});

Incorrect Total: 500 + 500 + 1000 = 2000 (20%) ❌

Similarly, NFT Royalties (feeTypes[7]) should sum up to 2% (200 basis points) but is set to 20% (2000 basis points):

feeTypes[7] = FeeType({
veRAACShare: 500, // 0.5%
burnShare: 0,
repairShare: 1000, // 1.0%
treasuryShare: 500 // 0.5%
});

Incorrect Total: 500 + 0 + 1000 + 500 = 2000 (20%) ❌

The issue originates from an incorrect assignment of basis points, multiplying the intended values by 10.

Impact

  • Transactions involving swaps and NFT royalties will incur significantly higher fees than expected.

  • This will lead to user dissatisfaction and loss of trust in the protocol.

  • Affected fee distributions will cause misallocation of funds, leading to potential economic imbalances in the system.

Tools Used

Manual Review

Recommendations

Modify _initializeFeeTypes() to correctly allocate 200 basis points (2%) instead of 2000 basis points (20%).

Fixed Swap Tax (feeTypes[6]):

feeTypes[6] = FeeType({
veRAACShare: 50, // 0.5%
burnShare: 50, // 0.5%
repairShare: 100, // 1.0%
treasuryShare: 0
});

✅ Total = 50 + 50 + 100 = 200 (2%)

Fixed NFT Royalties (feeTypes[7]):

feeTypes[7] = FeeType({
veRAACShare: 50, // 0.5%
burnShare: 0,
repairShare: 100, // 1.0%
treasuryShare: 50 // 0.5%
});

✅ Total = 50 + 0 + 100 + 50 = 200 (2%)

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Fee shares for fee type 6 and 7 inside FeeCollector do not total up to the expected 10000 basis points, this leads to update problems, moreover they are 10x the specifications

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.