Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Tax Rates Not Set as Intended

igdbaxe

Impact

Incorrect Tax Rates
If the deployer sets initialSwapTaxRate or initialBurnTaxRate to a value other than 100 or 50, the protocol may operate with incorrect tax rates. For example:
- If initialSwapTaxRate is set to 10, the swap tax rate will be 0.1% instead of the intended 1%.
- If initialBurnTaxRate is set to 5, the burn tax rate will be 0.05% instead of the intended 0.5%.
Protocol Misalignment
The protocol's intended behavior (1% swap tax and 0.5% burn tax) may not be enforced, leading to potential revenue loss or inefficiencies in tokenomics.
Lack of Explicit Enforcement
The contract does not explicitly enforce the intended rates (100 for swap tax and 50 for burn tax). Instead, it allows any value below MAX_TAX_RATE, which could lead to misconfigurations.

Proof of Concept
Affected Code

Constructor Logic
solidity
constructor(
address initialOwner,
uint256 initialSwapTaxRate,
uint256 initialBurnTaxRate
) ERC20("RAAC Token", "RAAC") Ownable(initialOwner) {
if (initialOwner == address(0)) revert InvalidAddress();
feeCollector = initialOwner;

if (initialSwapTaxRate > MAX_TAX_RATE) revert SwapTaxRateExceedsLimit();
swapTaxRate = initialSwapTaxRate == 0 ? 100 : initialSwapTaxRate; // default to 1% if 0
emit SwapTaxRateUpdated(swapTaxRate);

if (initialBurnTaxRate > MAX_TAX_RATE) revert BurnTaxRateExceedsLimit();
burnTaxRate = initialBurnTaxRate == 0 ? 50 : initialBurnTaxRate; // default to 0.5% if 0
emit BurnTaxRateUpdated(burnTaxRate);
}

Affected Link Constructor in RAACToken withdraws

Issue Demonstration
- If the deployer sets initialSwapTaxRate = 10 and initialBurnTaxRate = 5, the contract will initialize with:
  - swapTaxRate = 10 (0.1%)
  - burnTaxRate = 5 (0.05%)
- This is significantly lower than the intended rates of 1% and 0.5%.

Tools Used

Manual code review

Recommended Mitigation Steps
To ensure the protocol operates with the intended tax rates, the constructor should explicitly enforce swapTaxRate = 100 and burnTaxRate = 50. Here’s how to fix the issue:

Updated Constructor
solidity
constructor(
address initialOwner
) ERC20("RAAC Token", "RAAC") Ownable(initialOwner) {
if (initialOwner == address(0)) revert InvalidAddress();
feeCollector = initialOwner;

// Enforce intended tax rates

swapTaxRate = 100; // 1%

emit SwapTaxRateUpdated(swapTaxRate);

burnTaxRate = 50; // 0.5%

emit BurnTaxRateUpdated(burnTaxRate);

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!