Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Improper handling of raacToken burning when fee collection is disabled

Summary

The current implementation of the burn() function in the RAACToken contract does not allow users to burn the full amount of tokens they intend when the fee collection is disabled (i.e., when the feeCollector is set to the zero address).

Vulnerability Details

In the RAACToken.burn() function, the taxAmount is calculated based on the burnTaxRate, and the remaining tokens are burned from the user's balance. If the feeCollector is set to the zero address, the function should allow users to burn the entire amount they specify without any deductions.

    function burn(uint256 amount) external {
        uint256 taxAmount = amount.percentMul(burnTaxRate);
        //@audit Users unable to burn all their raacTokens: only amount - taxAmount is burned
        _burn(msg.sender, amount - taxAmount);
        if (taxAmount > 0 && feeCollector != address(0)) {
            _transfer(msg.sender, feeCollector, taxAmount);
        }
    }

However, the current implementation still calculates a taxAmount, which results in users being unable to burn the full amount they intended.

For example:

If a user wants to burn 1000 tokens and the burnTaxRate is 0.5%, the function would only allow them to burn 995 tokens (1000 - 5), with 5 tokens being sent to the feeCollector.

This behavior is incorrect when the feeCollector is the zero address: users should be able to burn all 1000 tokens, but their balance is reduced by only 995.
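
The accounting described above can be pinned with a regression check. The following is an added example, not code from the report or from the RAAC repository: a JavaScript ledger model of both burn() variants, where makeToken, shortfalls, the basis-point half-up rounding of percentMul, the rate of 50 (0.5%) and an untaxed _transfer are assumptions.

```javascript
// Constructed model of the burn accounting described above; not RAACToken itself.
const ZERO = "0x0000000000000000000000000000000000000000";

// Assumption: percentMul takes basis points and rounds half up.
const percentMul = (value, bps) => (value * bps + 5000n) / 10000n;

// Minimal ledger; `_transfer` is assumed to be a plain, untaxed move.
function makeToken(feeCollector, burnTaxRate, holder, supply) {
  const balances = new Map([[holder, supply]]);
  const t = { feeCollector, burnTaxRate, totalSupply: supply };
  t.balanceOf = (a) => balances.get(a) ?? 0n;
  t._burn = (from, amt) => {
    balances.set(from, t.balanceOf(from) - amt);
    t.totalSupply -= amt;
  };
  t._transfer = (from, to, amt) => {
    balances.set(from, t.balanceOf(from) - amt);
    balances.set(to, t.balanceOf(to) + amt);
  };
  return t;
}

// burn() as quoted in the report.
function burnReported(t, sender, amount) {
  const tax = percentMul(amount, t.burnTaxRate);
  t._burn(sender, amount - tax);
  if (tax > 0n && t.feeCollector !== ZERO) t._transfer(sender, t.feeCollector, tax);
}

// burn() with the early return recommended in the report.
function burnRecommended(t, sender, amount) {
  if (t.feeCollector === ZERO) return t._burn(sender, amount);
  const tax = percentMul(amount, t.burnTaxRate);
  t._burn(sender, amount - tax);
  if (tax > 0n) t._transfer(sender, t.feeCollector, tax);
}

// Regression check: a holder who burns their whole balance must end at zero.
// Returns every amount for which tokens were left behind.
function shortfalls(burnFn, feeCollector, amounts, burnTaxRate = 50n) {
  const failures = [];
  for (const amount of amounts) {
    const t = makeToken(feeCollector, burnTaxRate, "user", amount);
    burnFn(t, "user", amount);
    const left = t.balanceOf("user");
    if (left !== 0n) failures.push({ amount, left });
  }
  return failures;
}
```

Calling shortfalls(burnReported, ZERO, amounts) lists the amounts that cannot be fully burned; under the assumed rounding, amounts small enough for the tax to round to zero burn completely, so test values should include amounts on both sides of that threshold.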

Impact

It undermines the expected functionality of the token burning process, especially when the protocol has disabled fee collection, resulting in inconvenience for users.

Tools Used

Manual Review

Recommendations

Modify the burn() function to check if the feeCollector is set to the zero address. If it is, allow users to burn the full amount they specify without any deductions.

function burn(uint256 amount) external {
+ if (feeCollector == address(0)) {
+ // @audit Allow full burn if fee collection is disabled
+ _burn(msg.sender, amount);
+ return;
+ }
uint256 taxAmount = amount.percentMul(burnTaxRate);
_burn(msg.sender, amount - taxAmount);
- if (taxAmount > 0 && feeCollector != address(0)) {
+ if (taxAmount > 0) {
_transfer(msg.sender, feeCollector, taxAmount);
}
}
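
Review bot: the added `feeCollector == address(0)` branch at the top of burn() introduces a second `_burn` call and waives the burn tax without anything on burn() stating that this is intended. Consider setting taxAmount to 0 when feeCollector is the zero address so that a single `_burn` / `_transfer` path remains, and add a NatSpec line on burn() saying the full amount is burned when fee collection is disabled. A test that burns an entire balance with feeCollector unset and asserts a zero balance afterwards would pin the behaviour.
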
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACToken::burn incorrectly deducts tax amount but doesn't burn or transfer it when feeCollector is address(0), preventing complete token burns
