Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Fee Manager is not able to update Buy/Sell Swap and TaxNFT Royalty Fees

meeve

Summary

Inside FeeCollector there is defined updateFeeType function, but Fee Manager cannot use it to update all the fees.

Vulnerability Details

Check in line 8 assumes, that all FeeTypes should have 100% in total which is not true, because there are some fee types which are only 2% in total. These are Buy/Sell Swap and TaxNFT Royalty Fees ( FeeCollector line 380 and 388 )

What is more line 5 suggests that these two are also updateable since they are in positions 6 and 7 in thefeeTypes array.

// FeeCollector.sol 220
function updateFeeType(uint8 feeType, FeeType calldata newFee) external override {
if (!hasRole(FEE_MANAGER_ROLE, msg.sender)) revert UnauthorizedCaller();
if (feeType > 7) revert InvalidFeeType();
// Validate fee shares total to 100%
if (newFee.veRAACShare + newFee.burnShare + newFee.repairShare + newFee.treasuryShare != BASIS_POINTS) {
revert InvalidDistributionParams();
}
feeTypes[feeType] = newFee;
emit FeeTypeUpdated(feeType, newFee);
}

Impact

Fee Manager would not be able to update Buy/Sell Swap and TaxNFT Royalty Fees.

Tools Used

Manual Review

Recommendations

This function should only check if all the fees are less or equal to BASIS_POINTS

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Fee shares for fee type 6 and 7 inside FeeCollector do not total up to the expected 10000 basis points, this leads to update problems, moreover they are 10x the specifications

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!