Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

`setFeeCollector` function in RAACToken contract might emit `FeeCollectionDisabled` event even if fee collection was already disabled.

tadev

Summary

setFeeCollector function in RAACToken contract is implemented as follows:

function setFeeCollector(address _feeCollector) external onlyOwner {
if (feeCollector == address(0) && _feeCollector != address(0)) {
emit FeeCollectionEnabled(_feeCollector);
}
if (_feeCollector == address(0)) {
emit FeeCollectionDisabled();
}
feeCollector = _feeCollector;
emit FeeCollectorSet(_feeCollector);
}

The problem arises because there is no check that _feeCollector != feeCollector. This means it is possible to call setFeeCollector and pass the zero address even if feeCollector is already 0.

This means is it possible to trigger FeeCollectionDisabled event emission without actually disabling the fee collector (because already disabled).

Impact

The impact of this issue is low as it leads to wrong event emission.

Tools Used

Manual review

Recommendations

setFeeCollector calls should revert if provided _feeCollector argument is 0 while fee collection is disabled (feeCollector is 0). But a more general solution would be to just check that _feeCollector != feeCollector, while simplifying one of the other check:

function setFeeCollector(address _feeCollector) external onlyOwner {
if (_feeCollector == feeCollector) {
revert();
}
if (feeCollector == address(0) {
emit FeeCollectionEnabled(_feeCollector);
}
if (_feeCollector == address(0)) {
emit FeeCollectionDisabled();
}
feeCollector = _feeCollector;
emit FeeCollectorSet(_feeCollector);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.