Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Fee shares validation prevents updates to fee types

falendar

Summary

The FeeCollector contract's updateFeeType function incorrectly requires all fee shares to total 10,000 basis points, preventing updates to fee types initialized with 2,000 basis points.

Vulnerability Details

Fee types 6 and 7 are initialized with total shares of 2,000 basis points, while all other fee types use 10,000 (the comments are incorrect because 1,000 basis points represent 10%):

// Buy/Sell Swap Tax (2% total)
feeTypes[6] = FeeType({
veRAACShare: 500, // 0.5%
burnShare: 500, // 0.5%
repairShare: 1000, // 1.0%
treasuryShare: 0
});

However, updateFeeType incorrectly validates that shares must total 10,000 basis points:

function updateFeeType(uint8 feeType, FeeType calldata newFee) external override {
if (!hasRole(FEE_MANAGER_ROLE, msg.sender)) revert UnauthorizedCaller();
if (feeType > 7) revert InvalidFeeType();
// validate fee shares total to 100%
> if (newFee.veRAACShare + newFee.burnShare + newFee.repairShare + newFee.treasuryShare != BASIS_POINTS) {
revert InvalidDistributionParams();
}
feeTypes[feeType] = newFee;
emit FeeTypeUpdated(feeType, newFee);
}

Impact

Medium: Fee manager cannot update fee types 6 and 7 due to validation mismatch and is forced to use 10,000 basis points when lower basis points are needed.

Recommendations

Consider modifying or removing the validation logic, or initialize every fee type with 10,000 basis points to maintain initial state through updates.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Fee shares for fee type 6 and 7 inside FeeCollector do not total up to the expected 10000 basis points, this leads to update problems, moreover they are 10x the specifications

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.