Fee Collector Address Restriction Prevents Disabling Fee Collection
Summary
The RAACMinter contract enforces a restriction that disallows setting the fee collector address to the zero address. This prevents administrators from disabling fee collection by setting the fee collector to address(0), potentially limiting flexibility in fee management.
Vulnerability Details
Within the setFeeCollector function of the RAACMinter contract, there is a check that reverts if the provided _feeCollector address is the zero address:
This logic prevents setting the fee collector to address(0), which is often used as a means to disable fee collection. If the protocol’s intended behavior is to allow fee collection to be disabled, this revert condition unnecessarily restricts that functionality.
Impact
• Operational Limitations: Administrators cannot disable fee collection by setting the fee collector to the zero address, which may be necessary in certain situations (e.g., to disable fees temporarily or permanently).
• Reduced Flexibility: The inability to disable fee collection might lead to unintended fee accruals, potentially affecting users and the protocol’s economic model.
Tools Used
Manual audit
Recommendations
• Reevaluate the Restriction: Review the intended fee management strategy to determine if disabling fee collection via setting the fee collector to the zero address is a valid use case.
• Allow Zero Address (if appropriate): If disabling fee collection is desired, remove or modify the revert condition to allow _feeCollector == address(0).
• Update Documentation
Lead Judging Commences
RAACMinter::setFeeCollector prevents disabling fees by blocking zero address assignment
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.