Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

`RAACTokens` get stuck in the `FeeCollector` after the `burn` function is called

Summary

RAACTokens get stuck in the `FeeCollector` after the `burn` function is called.

Vulnerability Details

This happens due to the following line in the `RAACToken::burn` function:

```solidity
function burn(uint256 amount) external {
    uint256 taxAmount = amount.percentMul(burnTaxRate);
    _burn(msg.sender, amount - taxAmount);
    if (taxAmount > 0 && feeCollector != address(0)) {
        // @> tax goes straight to the FeeCollector, bypassing collectFee
        _transfer(msg.sender, feeCollector, taxAmount);
    }
}
```

Transferred this way, the RAACTokens are effectively stuck in the `FeeCollector` contract because they are not accounted for. This would not be the case if the `FeeCollector::collectFee` function were called instead.

Impact

RAACTokens get stuck in the `FeeCollector` because they are not accounted for.

Tools Used

Manual Review

Recommendations

Instead, transfer the `taxAmount` to the `RAACToken` contract, then approve the `FeeCollector` and call the `collectFee` function.
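The recommended flow as a sketch. This is an added example, not code from the RAAC repository. `TokenSketch`, `CollectorSketch`, the single-argument `collectFee`, the `accounted` counter, the `unaccounted` view and the 50 bps tax are assumptions, and it relies on OpenZeppelin's `ERC20`:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";

// Assumed, simplified collector: it only tracks fees that arrive through collectFee.
contract CollectorSketch {
    ERC20 public immutable token;
    uint256 public accounted; // fees available to the distribution logic

    constructor(ERC20 token_) { token = token_; }

    // Pulls the fee from the caller and records it.
    function collectFee(uint256 amount) external {
        require(token.transferFrom(msg.sender, address(this), amount), "pull failed");
        accounted += amount;
    }

    // Non-zero means tokens arrived by plain transfer and are invisible to accounting.
    function unaccounted() external view returns (uint256) {
        return token.balanceOf(address(this)) - accounted;
    }
}

contract TokenSketch is ERC20 {
    uint256 public constant BURN_TAX_BPS = 50; // constructed value
    CollectorSketch public immutable feeCollector;

    constructor() ERC20("Sketch", "SK") {
        feeCollector = new CollectorSketch(this);
        _mint(msg.sender, 1_000e18);
    }

    function burn(uint256 amount) external {
        uint256 taxAmount = (amount * BURN_TAX_BPS) / 10_000;
        _burn(msg.sender, amount - taxAmount);
        if (taxAmount > 0) {
            // Hold the tax in the token contract, approve, then let the collector pull it.
            _transfer(msg.sender, address(this), taxAmount);
            _approve(address(this), address(feeCollector), taxAmount);
            feeCollector.collectFee(taxAmount);
        }
    }
}
```

A test that asserts `feeCollector.unaccounted() == 0` after every `burn` catches the direct-transfer variant, where the collector's balance grows while `accounted` stays unchanged.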

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACToken::burn sends tax directly to FeeCollector without using collectFee(), causing tokens to bypass accounting and remain undistributed. `collectFee` is not used anywhere.

