Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

Incorrect Allocation of Fees to Treasury from Buy/Sell Swap Tax and NFT Royalty Fees

Summary

The FeeCollector contract incorrectly allocates remaining fees from the Buy/Sell Swap Tax (feeType 6) and NFT Royalty Fees (feeType 7) to the treasury, despite the intended design that specifies 0% should go to the treasury from these fee types. This misallocation can lead to confusion and undermine the protocol's intended fee distribution structure.

Vulnerability Details

  1. Fee Distribution Logic: The current implementation allows for the calculation of shares for various fee types, including the treasury share. However, the logic incorrectly adds any remaining fees to the treasury share, which contradicts the intended allocation.

Example Scenario

  1. Collecting Fees:

    • Total fees collected from feeType 6 (Buy/Sell Swap Tax) = 1000 tokens.

    • Fee distribution (configured shares in basis points, out of 10000):

      • veRAACShare: 500 (5%)

      • burnShare: 500 (5%)

      • repairShare: 1000 (10%)

      • treasuryShare: 0 (0%)

  2. Distributing Collected Fees:

    • When distributeCollectedFees is called, the calculated shares would be:

      • shares[0] (veRAACShare) = (1000 * 500) / 10000 = 50 tokens

      • shares[1] (burnShare) = (1000 * 500) / 10000 = 50 tokens

      • shares[2] (repairShare) = (1000 * 1000) / 10000 = 100 tokens

      • shares[3] (treasuryShare) = (1000 * 0) / 10000 = 0 tokens

  3. Calculating Remainder:

    • Total shares = 50 + 50 + 100 + 0 = 200 tokens.

    • Remainder = totalFees - total shares = 1000 - 200 = 800 tokens.

  4. Incorrect Allocation to Treasury:

    • The remainder (800 tokens) is incorrectly added to shares[3] (the treasury share), resulting in:

      • shares[3] = 800 tokens.

    • This allocation contradicts the intended design where 0% should go to the treasury from feeType 6.

Impact

This vulnerability can lead to significant misallocation of funds, as the treasury receives tokens that were not intended for it. Moreover, the funds are sent to the treasury via safeTransferFrom() instead of deposit(), so the funds are unrecoverable.

Recommendations

  1. Adjust Fee Distribution Logic: Modify the logic in the distributeCollectedFees function to ensure that any excess funds from feeType 6 and feeType 7 are not allocated to the treasury. Instead, consider burning these excess tokens or handling them according to the protocol's intended design.
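The scenario and the recommendation above, as an added JavaScript model (not the FeeCollector source and not code from the submission). `distributeAsDescribed` reproduces the 800-token remainder; `validateFeeType`, `distributeChecked` and the `NORMALISED` table are hypothetical names and constructed values, and the choice of where rounding dust goes is an assumption that follows the burn suggestion.

```javascript
// Added model of the fee split in the scenario; NOT the FeeCollector source.
const BASIS_POINTS = 10000n;

// Shares as quoted in the scenario for feeType 6 (they total 2000, not 10000).
const FEE_TYPE_6 = { veRAACShare: 500n, burnShare: 500n, repairShare: 1000n, treasuryShare: 0n };
// Constructed table: same 1:1:2:0 proportions, scaled to total 10000 bps.
const NORMALISED = { veRAACShare: 2500n, burnShare: 2500n, repairShare: 5000n, treasuryShare: 0n };

const toArray = (ft) => [ft.veRAACShare, ft.burnShare, ft.repairShare, ft.treasuryShare];
const sum = (xs) => xs.reduce((a, b) => a + b, 0n);

// Behaviour the finding describes: floor each share, then add the whole
// remainder to index 3 (treasury) regardless of the configured treasuryShare.
function distributeAsDescribed(totalFees, ft) {
  const shares = toArray(ft).map((bps) => (totalFees * bps) / BASIS_POINTS);
  shares[3] += totalFees - sum(shares);
  return shares;
}

// Hypothetical guard: accept a fee type only if its shares total 10000 bps,
// which bounds the remainder to rounding dust (at most 3 base units here).
function validateFeeType(ft) {
  const total = sum(toArray(ft));
  if (total !== BASIS_POINTS) {
    throw new Error(`fee shares total ${total} bps, expected ${BASIS_POINTS}`);
  }
}

// Hypothetical hardened split: validate, then send dust to the treasury only
// if the treasury has a configured share; otherwise add it to the burn slot.
function distributeChecked(totalFees, ft) {
  validateFeeType(ft);
  const shares = toArray(ft).map((bps) => (totalFees * bps) / BASIS_POINTS);
  const dustSlot = ft.treasuryShare > 0n ? 3 : 1;
  shares[dustSlot] += totalFees - sum(shares);
  return shares;
}

console.log(distributeAsDescribed(1000n, FEE_TYPE_6));
console.log(distributeChecked(1001n, NORMALISED));
```
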

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Fee shares for fee type 6 and 7 inside FeeCollector do not total up to the expected 10000 basis points; this leads to update problems. Moreover, they are 10x the specifications.
