Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Invalid

Missing Pre-Transfer Allowance and Balance Verification in Fee Collection

Summary

The fee collection function does not verify that the user has sufficient allowance and balance before invoking safeTransferFrom.

Vulnerability Details

While the ERC-20 token’s transfer mechanism (via SafeERC20) will eventually revert if these conditions are not met, the function performs further operations and state updates before this failure is triggered.

Impact

Bad user experience and unnecessary gas costs.

Tools Used

Manual Review

Recommendations

Add explicit checks to verify that the sender’s allowance is at least equal to the amount to be transferred.

uint256 allowance = raacToken.allowance(msg.sender, address(this));
if (allowance < amount) revert InsufficientAllowance();

Similarly, check that the sender’s balance is sufficient:

uint256 senderBalance = raacToken.balanceOf(msg.sender);
if (senderBalance < amount) revert InsufficientBalance();
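
The two recommended checks placed ahead of the state update and the transfer, as an added example that is not code from the audited repository. The contract name, `collectFee`, `totalFeesCollected`, `FeeCollected` and `InvalidFeeAmount` are hypothetical; `raacToken` and the two error names come from the snippets above, and the OpenZeppelin import paths assume that package is installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical fee collector, written only to show where the checks sit.
contract FeeCollectorExample {
    using SafeERC20 for IERC20;

    error InvalidFeeAmount();      // hypothetical
    error InsufficientAllowance(); // named in the recommendation
    error InsufficientBalance();   // named in the recommendation

    IERC20 public immutable raacToken;
    uint256 public totalFeesCollected; // hypothetical accounting variable

    event FeeCollected(address indexed payer, uint256 amount);

    constructor(IERC20 token) {
        raacToken = token;
    }

    function collectFee(uint256 amount) external {
        // Checks: fail with a specific error before any storage is written.
        if (amount == 0) revert InvalidFeeAmount();
        if (raacToken.allowance(msg.sender, address(this)) < amount) {
            revert InsufficientAllowance();
        }
        if (raacToken.balanceOf(msg.sender) < amount) {
            revert InsufficientBalance();
        }

        // Effects: accounting runs only once the transfer is expected to succeed.
        totalFeesCollected += amount;

        // Interaction: SafeERC20 still reverts if the token itself refuses.
        raacToken.safeTransferFrom(msg.sender, address(this), amount);
        emit FeeCollected(msg.sender, amount);
    }
}
```

A revert inside safeTransferFrom rolls back every earlier state change in the same transaction, so these checks change only how early the call fails and which error the caller sees. They also add two external view calls to every successful call.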

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
