Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Incorrect Basis Point Calculation in `_initializeFeeTypes` Leading to Incorrect Fee Distribution

Fortis Audits

Summary:

The _initializeFeeTypes function in the FeeCollector contract uses incorrect basis point values for calculating certain fee distributions, specifically for Swap Tax and NFT Royalties. This leads to incorrect percentages being assigned to different stakeholders (veRAAC holders, burn, repair fund, and treasury), resulting in a loss of funds for the intended recipients and potentially gaining unintended beneficiaries.

Vulnerability Details:

The _initializeFeeTypes function sets up the distribution percentages for different fee types. Basis points are used for percentage calculations, where 10000 represents 100%. However, for Swap Tax (feeType 6) and NFT Royalties (feeType 7), the code uses 500 to represent 0.5%, which is actually 5%. The correct value for 0.5% should be 50. Furthermore, the repair share is set to 1000 (10%) instead of 100 (1%).

[https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/collectors/FeeCollector.sol#L380-#L394]

// Buy/Sell Swap Tax (2% total) <-- Comment is correct about 2% total
feeTypes[6] = FeeType({
veRAACShare: 500, // 0.5% <-- INCORRECT: Should be 50
burnShare: 500, // 0.5% <-- INCORRECT: Should be 50
repairShare: 1000, // 1.0% <-- INCORRECT: Should be 100
treasuryShare: 0
});
// NFT Royalty Fees (2% total) <-- Comment is correct about 2% total
feeTypes[7] = FeeType({
veRAACShare: 500, // 0.5% <-- INCORRECT: Should be 50
burnShare: 0,
repairShare: 1000, // 1.0% <-- INCORRECT: Should be 100
treasuryShare: 500 // 0.5% <-- INCORRECT: Should be 50
});

Because of this error, the Swap Tax and NFT Royalties are distributed as follows:

  • Swap Tax: 5% to veRAAC holders, 5% to burn, 10% to repair, and 0% to treasury (total 20% instead of intended 2%).

  • NFT Royalties: 5% to veRAAC holders, 0% to burn, 10% to repair, and 5% to treasury (total 20% instead of intended 2%).

This is a 10x error in the 0.5% distributions and a 10x error in the 1% repair share distribution.

Impact:

The incorrect basis point calculation leads to a significant over-allocation of fees to the burn address, repair fund and veRAAC holders, and a corresponding under-allocation to the treasury. This results in:

  • Loss of Funds: The treasury receives significantly less revenue than intended.

  • Unfair Distribution: veRAAC holders and the repair fund receive a larger share of the fees than they should.

  • Token Burning Imbalance: More tokens are burned than intended, potentially affecting the tokenomics.

  • Excessive Repair Fund Allocation: The repair fund receives 10 times the intended amount, locking up more funds than necessary.

Tools Used:

Manual code review.

Recommended Mitigation:

Correct the basis point values in the _initializeFeeTypes function for Swap Tax and NFT Royalties to accurately reflect the intended percentages:

// Buy/Sell Swap Tax (2% total)
feeTypes[6] = FeeType({
- veRAACShare: 500, // 0.5%
+ veRAACShare: 50, // 0.5%
- burnShare: 500, // 0.5%
+ burnShare: 50, // 0.5%
- repairShare: 1000, // 1.0%
+ repairShare: 100, // 1.0%
treasuryShare: 0
});
// NFT Royalty Fees (2% total)
feeTypes[7] = FeeType({
- veRAACShare: 500, // 0.5%
+ veRAACShare: 50, // 0.5%
burnShare: 0,
- repairShare: 1000, // 1.0%
+ repairShare: 100, // 1.0%
- treasuryShare: 500 // 0.5%
+ treasuryShare: 50 // 0.5%
});
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Fee shares for fee type 6 and 7 inside FeeCollector do not total up to the expected 10000 basis points, this leads to update problems, moreover they are 10x the specifications

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!