Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

Lack of fee collection incentive in `FeeCollector::collectFee`

Summary

The FeeCollector::collectFee function is publicly accessible, allowing any user to send fees to the contract. However, this function is never called throughout the codebase, meaning there is no mechanism that requires or incentivizes users to call it, nor are fees properly charged during relevant protocol operations. This results in an ineffective fee collection mechanism that relies on voluntary user actions, making it difficult for the protocol to accumulate fees.

Vulnerability Details

The collectFee function is designed to allow the protocol to accumulate fees. However, since it is never invoked in the codebase, it effectively serves as a donation mechanism rather than a structured fee collection process. Users have no reason to voluntarily call this function, leading to a situation where the protocol struggles to gather operational fees.

Steps to Reproduce

  1. Deploy the FeeCollector contract.

  2. Observe that the collectFee function is never invoked in the codebase.

  3. No automated fee collection mechanism calls this function, and users have no incentive to do so.

  4. The protocol struggles to accumulate fees as a result.

Impact

  • No Automatic Fee Accumulation: The protocol fails to generate sustainable fee revenue.

  • Reliance on User Donations: Since no system component calls this function, fees can only be collected if users voluntarily send them, which is highly unlikely.

  • Protocol Financial Instability: Without a proper fee collection mechanism, the protocol lacks a structured way to sustain operations.
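The gap between tokens sent straight to the FeeCollector address and fees recorded through `collectFee`, as an added example that is not code from the submission or the RAAC codebase. It is a simplified JavaScript model: `TokenModel`, `FeeCollectorModel`, the `collected` counter and the 1% rate are all assumptions. The `unaccounted()` difference is an invariant a test or monitor can require to be zero.

```javascript
// Added illustration: a simplified model, not the RAAC contracts.
// Class names, fields and the 1% rate are assumptions made for this sketch.
class TokenModel {
  constructor() { this.balances = new Map(); }
  balanceOf(addr) { return this.balances.get(addr) ?? 0n; }
  mint(to, amount) { this.balances.set(to, this.balanceOf(to) + amount); }
  transfer(from, to, amount) {
    if (this.balanceOf(from) < amount) throw new Error("insufficient balance");
    this.balances.set(from, this.balanceOf(from) - amount);
    this.balances.set(to, this.balanceOf(to) + amount);
  }
}

class FeeCollectorModel {
  constructor(token) { this.token = token; this.address = "feeCollector"; this.collected = 0n; }
  // The only path that records a fee: pull the tokens and bump the counter.
  collectFee(payer, amount) {
    this.token.transfer(payer, this.address, amount);
    this.collected += amount;
  }
  // Tokens held by the collector that its accounting has never seen.
  unaccounted() { return this.token.balanceOf(this.address) - this.collected; }
}

// Route the swap tax of each transfer either straight to the collector's
// balance ("direct") or through collectFee ("collectFee"), then report state.
function simulate(path, amounts, taxBps) {
  const token = new TokenModel();
  const collector = new FeeCollectorModel(token);
  token.mint("alice", 10_000n); // constructed sample balance
  for (const amount of amounts) {
    const tax = (amount * taxBps) / 10_000n;
    if (path === "direct") token.transfer("alice", collector.address, tax);
    else collector.collectFee("alice", tax);
  }
  return {
    balance: token.balanceOf(collector.address),
    collected: collector.collected,
    unaccounted: collector.unaccounted(),
  };
}

const sample = [1000n, 2500n, 400n]; // constructed transfer amounts
console.log("direct:    ", simulate("direct", sample, 100n));
console.log("collectFee:", simulate("collectFee", sample, 100n));
```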

Tools Used

VSCode, Manual Review

Recommendations

Integrate collectFee into fee-generating actions: Modify the protocol so that fee-generating operations, such as token transfers or token burns, call collectFee automatically when the relevant transactions occur.

For example, integrate the function into the RAAC Token transfer instead of sending tokens directly to FeeCollector.

The Fix in RAACToken::_update

function _update(
address from,
address to,
uint256 amount
) internal virtual override {
uint256 baseTax = swapTaxRate + burnTaxRate;
// Skip tax for whitelisted addresses or when fee collector disabled
if (baseTax == 0 || from == address(0) || to == address(0) || whitelistAddress[from] || whitelistAddress[to] || feeCollector == address(0)) {
super._update(from, to, amount);
return;
}
// All other cases where tax is applied
uint256 totalTax = amount.percentMul(baseTax);
uint256 burnAmount = totalTax * burnTaxRate / baseTax;
- super._update(from, feeCollector, totalTax - burnAmount); // swap tax
+ feeCollector.collecFee(totalTax - burnAmount, feeType); // @audit-fix Invoke collectFee to update fee collected amount
super._update(from, address(0), burnAmount); // burn tax
super._update(from, to, amount - totalTax); // actual receive
}
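Review bot: On the `+` line, nothing visible in this function still debits the swap-tax portion (`totalTax - burnAmount`) from `from`. The removed `super._update(from, feeCollector, ...)` was the only statement that moved it, and the two remaining calls move only `burnAmount` and `amount - totalTax`, so the sender keeps the swap tax unless `collectFee` itself pulls the tokens, which these lines do not show. If it does pull them, that transfer passes through `_update` again, so `feeCollector` would need to be in `whitelistAddress` to avoid taxing the tax. Either keep the `super._update(from, feeCollector, totalTax - burnAmount)` transfer and add an accounting-only call after it, or document how the tokens reach the collector. The line also will not compile as written: `collecFee` is misspelled (`collectFee`), `feeType` is not declared anywhere in the visible scope, and `feeCollector` is compared with `address(0)` in the skip-tax check, so it is an address and needs an interface cast before a call.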
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACToken::burn sends tax directly to FeeCollector without using collectFee(), causing tokens to bypass accounting and remain undistributed. `collectFee` is not used anywhere.
