Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

RAACMinter contains functions that will never work

Summary

RAACMinter exposes wrapper functions that change RAACToken parameters (fee collector, swap tax rate, burn tax rate). The underlying RAACToken functions are gated by onlyOwner, and RAACMinter is not the owner of RAACToken, so every one of these wrappers reverts and is dead code. Transferring RAACToken ownership to RAACMinter would make the wrappers work, but RAACMinter wraps only a subset of the owner surface: it has no way to call manageWhitelist() or to transfer ownership onward, so any owner function it does not wrap becomes unreachable once it holds ownership.

Vulnerability Details

RAACMinter includes the following functions that attempt to call privileged functions on RAACToken:

// RAACMinter.sol
function setFeeCollector(address _feeCollector) external onlyRole(UPDATER_ROLE) {
    if (_feeCollector == address(0)) revert FeeCollectorCannotBeZeroAddress();
    raacToken.setFeeCollector(_feeCollector);
    emit ParameterUpdated("feeCollector", uint256(uint160(_feeCollector)));
}

function setSwapTaxRate(uint256 _swapTaxRate) external onlyRole(UPDATER_ROLE) {
    if (_swapTaxRate > 1000) revert SwapTaxRateExceedsLimit();
    raacToken.setSwapTaxRate(_swapTaxRate);
    emit ParameterUpdated("swapTaxRate", _swapTaxRate);
}

function setBurnTaxRate(uint256 _burnTaxRate) external onlyRole(UPDATER_ROLE) {
    if (_burnTaxRate > 1000) revert BurnTaxRateExceedsLimit();
    raacToken.setBurnTaxRate(_burnTaxRate);
    emit ParameterUpdated("burnTaxRate", _burnTaxRate);
}

However, the RAACToken functions they call are protected by onlyOwner, and RAACToken also has owner functions that RAACMinter does not wrap at all:

// RAACToken.sol
function setFeeCollector(address _feeCollector) external onlyOwner {
    feeCollector = _feeCollector;
    emit FeeCollectorSet(_feeCollector);
}

function setSwapTaxRate(uint256 rate) external onlyOwner { _setTaxRate(rate, true); }
function setBurnTaxRate(uint256 rate) external onlyOwner { _setTaxRate(rate, false); }

// RAACMinter has no function that calls this
function manageWhitelist(address account, bool add) external onlyOwner {
    if (add) {
        if (account == address(0)) revert CannotWhitelistZeroAddress();
        if (whitelistAddress[account]) revert AddressAlreadyWhitelisted();
        emit AddressWhitelisted(account);
    } else {
        if (account == address(0)) revert CannotRemoveZeroAddressFromWhitelist();
        if (!whitelistAddress[account]) revert AddressNotWhitelisted();
        emit AddressRemovedFromWhitelist(account);
    }
    whitelistAddress[account] = add;
}

Because RAACMinter is not the owner of RAACToken, each of its wrappers passes its own UPDATER_ROLE check and then reverts inside RAACToken's onlyOwner check, so the wrappers can never succeed. The situation does not improve if RAACToken ownership is transferred to RAACMinter: RAACMinter wraps only setFeeCollector(), setSwapTaxRate() and setBurnTaxRate(), so owner functions it does not wrap, such as manageWhitelist() and transferOwnership(), can no longer be called by anyone, and ownership cannot be moved back out of the minter.

Impact:

  • The RAACMinter wrappers that modify RAACToken parameters always revert and are unusable

  • If RAACToken ownership is transferred to RAACMinter, every owner function it does not wrap (manageWhitelist(), transferOwnership()) becomes permanently unreachable, since RAACMinter has no path to hand ownership back

  • Dead code in RAACMinter that misleads integrators about where RAACToken parameters are actually controlled

  • No direct loss of funds: in the current deployment control stays with the RAACToken owner

Tools Used:
Manual Review

Recommendations:

  1. Remove these wrappers from RAACMinter, since they cannot work unless RAACMinter owns RAACToken

  2. If RAACMinter genuinely needs to manage RAACToken:

    • Document clearly that RAACToken ownership must be transferred to RAACMinter, and check for it so the wrappers fail with a descriptive error instead of a bare onlyOwner revert

    • Wrap every RAACToken owner function, including manageWhitelist() and transferOwnership(), so that no owner capability is lost and ownership can be recovered

  3. Otherwise, redesign the access control so that RAACToken parameter management lives with the account that actually holds ownership
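The following is an added example, not code from the RAAC repository, that models the state described under Vulnerability Details and then the second recommendation applied. MockRAACToken, MinterBefore, MinterAfter, Harness and the admin address check are assumptions standing in for RAACToken's Ownable gating and RAACMinter's UPDATER_ROLE; the real contracts use OpenZeppelin Ownable and AccessControl. MinterBefore reproduces the reported behaviour (the wrapper reverts inside the token's owner check). MinterAfter wraps the full owner surface, including ownership transfer, and checks ownership up front so the failure mode is explicit.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not the project's code). Minimal stand-in for RAACToken's
// owner-gated surface; names and errors below are assumptions.
contract MockRAACToken {
    address public owner;
    address public feeCollector;
    uint256 public swapTaxRate;
    mapping(address => bool) public whitelistAddress;

    error NotOwner(address caller);
    error CannotWhitelistZeroAddress();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    constructor() { owner = msg.sender; }

    function setFeeCollector(address _fc) external onlyOwner { feeCollector = _fc; }
    function setSwapTaxRate(uint256 r) external onlyOwner { swapTaxRate = r; }
    function manageWhitelist(address account, bool add) external onlyOwner {
        if (add && account == address(0)) revert CannotWhitelistZeroAddress();
        whitelistAddress[account] = add;
    }
    function transferOwnership(address newOwner) external onlyOwner { owner = newOwner; }
}

// Mirrors the reported state: wraps a setter but never owns the token.
contract MinterBefore {
    MockRAACToken public immutable raacToken;
    constructor(MockRAACToken t) { raacToken = t; }
    function setFeeCollector(address fc) external { raacToken.setFeeCollector(fc); }
}

// Recommendation 2 applied: wraps every owner function, including ownership
// transfer, and fails with a descriptive error when it is not the token owner.
contract MinterAfter {
    MockRAACToken public immutable raacToken;
    address public immutable admin; // assumption: stands in for UPDATER_ROLE

    error NotAdmin();
    error MinterIsNotTokenOwner(address actualOwner);

    modifier onlyAdmin() { if (msg.sender != admin) revert NotAdmin(); _; }
    modifier requiresTokenOwnership() {
        address o = raacToken.owner();
        if (o != address(this)) revert MinterIsNotTokenOwner(o);
        _;
    }

    constructor(MockRAACToken t) { raacToken = t; admin = msg.sender; }

    function setFeeCollector(address fc) external onlyAdmin requiresTokenOwnership {
        raacToken.setFeeCollector(fc);
    }
    function setSwapTaxRate(uint256 r) external onlyAdmin requiresTokenOwnership {
        raacToken.setSwapTaxRate(r);
    }
    function manageWhitelist(address a, bool add) external onlyAdmin requiresTokenOwnership {
        raacToken.manageWhitelist(a, add);
    }
    // Escape hatch: without this, ownership handed to the minter is stuck forever.
    function transferTokenOwnership(address newOwner) external onlyAdmin requiresTokenOwnership {
        raacToken.transferOwnership(newOwner);
    }
}

// Deploys everything and walks through the before/after behaviour in one call.
contract Harness {
    function run() external returns (bool beforeReverted, bool afterWorks, bool ownershipRecovered) {
        MockRAACToken token = new MockRAACToken();        // Harness is the token owner
        MinterBefore minterOld = new MinterBefore(token);
        MinterAfter minterNew = new MinterAfter(token);   // Harness is its admin

        // Before: the wrapper bubbles the token's NotOwner revert.
        try minterOld.setFeeCollector(address(1)) { beforeReverted = false; }
        catch { beforeReverted = true; }

        // After: hand ownership to the minter; the wrappers now succeed...
        token.transferOwnership(address(minterNew));
        minterNew.manageWhitelist(address(2), true);
        minterNew.setFeeCollector(address(3));
        afterWorks = token.whitelistAddress(address(2)) && token.feeCollector() == address(3);

        // ...and ownership can be handed back, which the reported RAACMinter cannot do.
        minterNew.transferTokenOwnership(address(this));
        ownershipRecovered = token.owner() == address(this);
    }
}
```

Deploying Harness and calling run() returns (true, true, true). The requiresTokenOwnership modifier is the check a practitioner would want regardless of which fix is chosen: it turns a confusing revert from a contract the caller never touched directly into an error that names the actual owner.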

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter lacks critical ownership transfer functionality and parameter management after receiving RAACToken ownership, causing permanent protocol rigidity

