Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

When burning, only a portion of the tax is transferred to the fee collector instead of the full tax amount.

ChainProof

Summary

Initially its calculated the tax amount when burning. Then its transferred taxAmount to feeCollector. But only portion of the taxAmount is transffered , rest is burned. So, a portion of the fee is being lost.

Vulnerability Details

function burn(uint256 amount) external {

uint256 taxAmount = amount.percentMul(burnTaxRate);

_burn(msg.sender, amount - taxAmount);

if (taxAmount > 0 && feeCollector != address(0)) {

_transfer(msg.sender, feeCollector, taxAmount);

}

function _update(

address from,

address to,

uint256 amount

) internal virtual override {

uint256 baseTax = swapTaxRate + burnTaxRate;

// Skip tax for whitelisted addresses or when fee collector disabled

if (baseTax == 0 || from == address(0) || to == address(0) || whitelistAddress[from] || whitelistAddress[to] || feeCollector == address(0)) {

super._update(from, to, amount);

return;

}

// All other cases where tax is applied

uint256 totalTax = amount.percentMul(baseTax);

uint256 burnAmount = totalTax * burnTaxRate / baseTax;

super._update(from, feeCollector, totalTax - burnAmount);

super._update(from, address(0), burnAmount);

super._update(from, to, amount - totalTax);

}

An issue with the current implementation is that , the fee that should have been sent to the fee collector is burned here when transferring the burning tax to fee feeCollector

Impact

Fee that should go to fee collector as a tax is also burnt.(Portion of the fee is being lost)

Tools Used

Manual review

Recommendations

When transferring tokens, the burnTaxRate should not be be charged since the intention is only to charge it when burning.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago

Submission Judgement Published

Validated

Assigned finding tags:

RAACToken::burn applies burn tax twice when transferring to feeCollector, causing excess tokens to be burned and reduced fees to be collected

This is by design, sponsor's words: Yes, burnt amount, done by whitelisted contract or not always occur the tax. The feeCollector is intended to always be whitelisted and the address(0) is included in the _transfer as a bypass of the tax amount, so upon burn->_burn->_update it would have not applied (and would also do another burn...). For this reason, to always apply such tax, the burn function include the calculation (the 2 lines that applies) and a direct transfer to feeCollector a little bit later. This is done purposefully

inallhonesty Lead Judge about 1 month ago

Submission Judgement Published

Validated

Assigned finding tags:

RAACToken::burn applies burn tax twice when transferring to feeCollector, causing excess tokens to be burned and reduced fees to be collected

Appeal created

inallhonesty Lead Judge about 1 month ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

RAACToken::burn applies burn tax twice when transferring to feeCollector, causing excess tokens to be burned and reduced fees to be collected

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.