Submission Details
Severity:
RAACToken will not burn full amount when fee collector is not set
Summary
When RAACToken is burnt, tax amount is deducted from burn amount. This tax amount will not be transferred to fee collector if fee collector address is not set.
Vulnerability Details
The following is implementation of RAACToken.burn
function burn(uint256 amount) external {
uint256 taxAmount = amount.percentMul(burnTaxRate);
_burn(msg.sender, amount - taxAmount);
if (taxAmount > 0 && feeCollector != address(0)) { // @audit tax amount is not burnt when fee collector is address(0)
_transfer(msg.sender, feeCollector, taxAmount);
}
}
When burnTaxRate is greater than 0 and fee collector is not set, tax amount will not be burnt nor transferred.
Impact
This can lead to integration vulnerability with other platforms
When distributing collected fees, raac token will not be burnt full amount and be stuck in fee collector
if (shares[1] > 0) raacToken.burn(shares[1]);
Tools Used
Manual Review
Recommendation
Calculate taxAmount only when feeCollector address is not zero
Updates
Lead Judging Commences
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
RAACToken::burn incorrectly deducts tax amount but doesn't burn or transfer it when feeCollector is address(0), preventing complete token burns
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
RAACToken::burn incorrectly deducts tax amount but doesn't burn or transfer it when feeCollector is address(0), preventing complete token burns
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420
USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.