Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Incorrectly assigned `feeCollector` breaks contract

OpaBatyo

Summary

An incorrectly assigned feeCollector inside RAACToken breaks the contract.

Vulnerability Details

Let's take a look at the constructor of RAACToken:

constructor(
address initialOwner,
uint256 initialSwapTaxRate,
uint256 initialBurnTaxRate
) ERC20("RAAC Token", "RAAC") Ownable(initialOwner) {
if (initialOwner == address(0)) revert InvalidAddress();
feeCollector = initialOwner;
if (initialSwapTaxRate > MAX_TAX_RATE) revert SwapTaxRateExceedsLimit();
swapTaxRate = initialSwapTaxRate == 0 ? 100 : initialSwapTaxRate; // default to 1% if 0
emit SwapTaxRateUpdated(swapTaxRate);
if (initialBurnTaxRate > MAX_TAX_RATE) revert BurnTaxRateExceedsLimit();
burnTaxRate = initialBurnTaxRate == 0 ? 50 : initialBurnTaxRate; // default to 0.5% if 0
emit BurnTaxRateUpdated(burnTaxRate);
}

The initialOwner that is passed is assigned as feeCollector. Which I believe is safe to assume is the FeeCollector contract within the protocol.

This becomes an issue since the contract is also passed to Ownable() as the owner of the RAACToken. An important function in RAACToken, is setting the RAAC Minter:

function setMinter(address _minter) external onlyOwner {
if (_minter == address(0)) revert InvalidAddress();
minter = _minter;
emit MinterSet(_minter);
}

The minter must be set in order for the RAAC Token contract to work correctly as it is the only address that can call the function to mint tokens:

function mint(address to, uint256 amount) external onlyMinter {
if (to == address(0)) revert InvalidAddress();
_mint(to, amount);
}

The minter is not set in the constructor either. The main issue is that the FeeCollector contract has no function which invokes to set the minter in the RAACToken contract. Without being able to set the minter from the fee collector (which is designated as owner of RAAC Token contract), no tokens can be minted.

Impact

No tokens can be minted in RAACToken since FeeCollector contract which is set as owner, has no functions to invoke setMinter() in the token.

Tools Used

Manual Review

Recommendations

Implement function in FeeCollector which invokes to set the minter of the RAACToken.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACToken sets FeeCollector as owner but never initializes minter in constructor; FeeCollector has no mechanism to call setMinter, permanently blocking all token minting functionality

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACToken sets FeeCollector as owner but never initializes minter in constructor; FeeCollector has no mechanism to call setMinter, permanently blocking all token minting functionality

Appeal created

anonymousjoe Auditor
7 months ago
inallhonesty Lead Judge
6 months ago
inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

RAACToken sets FeeCollector as owner but never initializes minter in constructor; FeeCollector has no mechanism to call setMinter, permanently blocking all token minting functionality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!