Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

Last two fee types could not be updated.

Summary

FeeCollector.sol has a total of eight feeTypes, which can be updated by calling the function updateFeeType. The function validates its input and performs other checks, and one of these checks does not allow the last two feeTypes to be updated.

Vulnerability Details

There are eight feeTypes in the FeeCollector.sol contract, and the last two are (Buy/Sell Swap Tax) and (NFT Royalty Fees). All feeTypes except these two cover BASIS_POINTS, which is 100 percent; these two feeTypes cover only 2 percent each.

Now, if the protocol needs to update these two feeTypes, it has to update them in a way that also covers 100 percent of BASIS_POINTS, which is not intended, and it cannot increase or decrease them by a small percentage, which is not expected.

The code and the check that prevent such an update of the last two fees are as follows:

function updateFeeType(uint8 feeType, FeeType calldata newFee) external override {
    if (!hasRole(FEE_MANAGER_ROLE, msg.sender)) revert UnauthorizedCaller();
    if (feeType > 7) revert InvalidFeeType();
    // Validate fee shares total to 100%
@>  if (newFee.veRAACShare + newFee.burnShare + newFee.repairShare + newFee.treasuryShare != BASIS_POINTS) {
@>      revert InvalidDistributionParams();
@>  }
    feeTypes[feeType] = newFee;
    emit FeeTypeUpdated(feeType, newFee);
}

LINK TO CODE:

https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/collectors/FeeCollector.sol#L220-L231
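The behaviour described above, as an added sketch that is not code from the RAAC repository: it isolates the quoted sum check and, going one step beyond the finding, shows a variant that validates each fee type against its own expected total. The uint256 field types, the `manager` stand-in for FEE_MANAGER_ROLE, and the `TAX_TOTAL` value of 200 basis points (constructed from the "2 percent" in the text) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not RAAC code. Field names and BASIS_POINTS follow the
// finding; uint256 fields, the `manager` check and TAX_TOTAL are assumptions.
contract FeeTypeCheckSketch {
    struct FeeType {
        uint256 veRAACShare;
        uint256 burnShare;
        uint256 repairShare;
        uint256 treasuryShare;
    }

    uint256 public constant BASIS_POINTS = 10_000; // 100%
    uint256 public constant TAX_TOTAL = 200;       // 2%, constructed from the finding's text
    uint8 public constant FIRST_TAX_TYPE = 6;      // types 6 and 7 are the last two
    uint8 public constant MAX_FEE_TYPE = 7;

    address public immutable manager;              // stand-in for FEE_MANAGER_ROLE
    mapping(uint8 => FeeType) public feeTypes;

    error UnauthorizedCaller();
    error InvalidFeeType();
    error InvalidDistributionParams();

    constructor() { manager = msg.sender; }

    function _sum(FeeType calldata f) internal pure returns (uint256) {
        return f.veRAACShare + f.burnShare + f.repairShare + f.treasuryShare;
    }

    // The check as quoted above: passes only when the shares total 100%,
    // so a 2% distribution for type 6 or 7 can never pass.
    function passesQuotedCheck(FeeType calldata f) external pure returns (bool) {
        return _sum(f) == BASIS_POINTS;
    }

    // Variant: each type is validated against its own expected total, so the
    // last two types stay updatable and remain bounded.
    function updateFeeType(uint8 feeType, FeeType calldata newFee) external {
        if (msg.sender != manager) revert UnauthorizedCaller();
        if (feeType > MAX_FEE_TYPE) revert InvalidFeeType();
        uint256 expected = feeType < FIRST_TAX_TYPE ? BASIS_POINTS : TAX_TOTAL;
        if (_sum(newFee) != expected) revert InvalidDistributionParams();
        feeTypes[feeType] = newFee;
    }
}
```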

Impact

The protocol cannot increase or decrease the last two feeTypes by a small percentage. Instead, any update is forced to cover 100 percent.

Tools Used

Manual review

Recommendations

Apply this check to all feeTypes except the last two.

function updateFeeType(uint8 feeType, FeeType calldata newFee) external override {
if (!hasRole(FEE_MANAGER_ROLE, msg.sender)) revert UnauthorizedCaller();
if (feeType > 7) revert InvalidFeeType();
+ if (feeType < 6) {
// Validate fee shares total to 100%
if (newFee.veRAACShare + newFee.burnShare + newFee.repairShare + newFee.treasuryShare != BASIS_POINTS) {
revert InvalidDistributionParams();
}
+ }
feeTypes[feeType] = newFee;
emit FeeTypeUpdated(feeType, newFee);
}
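
Review bot: with the sum check wrapped in `if (feeType < 6)`, feeType 6 and 7 get no validation of their shares at all, so any combination of the four shares, including a sum above BASIS_POINTS, would be written to feeTypes and emitted. Rather than skipping the check, validate these two types against their own expected total, or at minimum require the sum to be no greater than BASIS_POINTS. The literals 6 and 7 would also be safer as named constants, so the guard does not silently go stale if fee types are added or reordered.
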
Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Fee shares for fee type 6 and 7 inside FeeCollector do not total up to the expected 10000 basis points, this leads to update problems, moreover they are 10x the specifications
