Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

Incorrect Fee Distribution Due to Invalid Basis Point Allocation in Fee Types 6 and 7 in `FeeCollector::_initializeFeeTypes` function

0x23r0

Summary

The FeeCollector::_initializeFeeTypes function initializes Swap Tax (type 6) and NFT Royalties (type 7) fee types with distribution parameters that sum to only 2,000 basis points (20%) instead of the required 10,000 basis points (100%). This causes 80% of the fees collected under these types to be misdirected to the treasury, violating the intended distribution ratios and undermining the protocol’s economic model.

Vulnerability Details

The contract enforces that the sum of distribution shares (veRAACShare, burnShare, repairShare, treasuryShare) must equal BASIS_POINTS (10,000). This invariant is checked in the updateFeeType function for updates but is bypassed during initial fee type setup.

function updateFeeType(uint8 feeType, FeeType calldata newFee) external override {

if (!hasRole(FEE_MANAGER_ROLE, msg.sender)) revert UnauthorizedCaller();

if (feeType > 7) revert InvalidFeeType();

// Validate fee shares total to 100%

@>> if (newFee.veRAACShare + newFee.burnShare + newFee.repairShare + newFee.treasuryShare != BASIS_POINTS) {

revert InvalidDistributionParams();

}

feeTypes[feeType] = newFee;

emit FeeTypeUpdated(feeType, newFee);

}

Incorrect Initialization:
In the _initializeFeeTypes function, fee types 6 and 7 are set with distribution parameters that total only 2,000. For example:
- Fee Type 6 (Swap Tax):
  - veRAACShare: 500
  - burnShare: 500
  - repairShare: 1000
  - treasuryShare: 0
  - Total: 500 + 500 + 1000 + 0 = 2000
- Fee Type 7 (NFT Royalties):
  - veRAACShare: 500
  - burnShare: 0
  - repairShare: 1000
  - treasuryShare: 500
  - Total: 500 + 0 + 1000 + 500 = 2000
Distribution Logic Impact:
Within the _calculateDistribution function, the fee amount for each fee type is scaled by its distribution parameters. Because fee types 6 and 7 only allocate 20% of the fee (2000/10000), the intended proportions for veRAAC holders, burning, and repair funds are significantly reduced. The remaining 80% of each fee type is then allocated to the treasury via the remainder handling logic.

function _calculateDistribution(uint256 totalFees) internal view returns (uint256[4] memory shares) {

uint256 totalCollected;

for (uint8 i = 0; i < 8; i++) {

uint256 feeAmount = _getFeeAmountByType(i);

if (feeAmount == 0) continue;

FeeType memory feeType = feeTypes[i];

totalCollected += feeAmount;

uint256 weight = (feeAmount * BASIS_POINTS) / totalFees;

shares[0] += (weight * feeType.veRAACShare) / BASIS_POINTS;

shares[1] += (weight * feeType.burnShare) / BASIS_POINTS;

shares[2] += (weight * feeType.repairShare) / BASIS_POINTS;

shares[3] += (weight * feeType.treasuryShare) / BASIS_POINTS;

}

if (totalCollected != totalFees) revert InvalidFeeAmount();

shares[0] = (totalFees * shares[0]) / BASIS_POINTS;

shares[1] = (totalFees * shares[1]) / BASIS_POINTS;

shares[2] = (totalFees * shares[2]) / BASIS_POINTS;

shares[3] = (totalFees * shares[3]) / BASIS_POINTS;

uint256 remainder = totalFees - (shares[0] + shares[1] + shares[2] + shares[3]);

if (remainder > 0) shares[3] += remainder;

}

Impact

veRAAC holders and the mechanisms for token burning and repair funds, receive only a fraction of the fees as originally intended. This under-allocation can undermine participant incentives.

Tools Used

Manual Review

Recommendations

Update the initialization of fee types 6 and 7 in the _initializeFeeTypes function so that the sum of their distribution parameters equals BASIS_POINTS (10,000). This will ensure that the fee distribution mechanism works as intended.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Fee shares for fee type 6 and 7 inside FeeCollector do not total up to the expected 10000 basis points, this leads to update problems, moreover they are 10x the specifications

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.