Description:
The burn function is designed to deduct a burn tax (calculated as a percentage of the burned amount) and transfer it to a designated feeCollector. However, if the feeCollector is set to the zero address (address(0)), the conditional check prevents any transfer of the tax amount. This misconfiguration leads to a scenario where the tax is not collected at all, allowing users to burn tokens without incurring the full intended tax.
Impact:
Bypassed Burn Tax: Users effectively burn fewer tokens than expected since the tax amount is not transferred or burned when feeCollector is address(0).
Distorted Tokenomics: The intended reduction in token supply via the burn mechanism is undermined, potentially destabilizing the token's economic model.
Potential Abuse: Malicious actors might exploit this loophole to bypass burn taxes, resulting in an unintended supply imbalance.
Proof of Concept:
Setup: The feeCollector address is set to address(0) either deliberately or due to a misconfiguration.
User Action: A user calls the burn function with a specified amount of tokens to be burned.
Tax Calculation: The function calculates the burn tax (taxAmount) based on the burnTaxRate.
Token Burn: The function proceeds to burn the user's tokens, subtracting the tax amount, so only (amount - taxAmount) tokens are burned.
Conditional Check: The function checks whether taxAmount is greater than 0 and if feeCollector is not address(0). Since feeCollector is address(0), the condition fails.
Outcome: No tax tokens are transferred or burned, allowing the user to bypass the intended burn tax, resulting in a lower effective token burn.
Recommended Mitigation:
Enforce Valid Fee Collector: Ensure that feeCollector is always set to a valid, non-zero address. Validate this in the constructor and any setter functions.
Automatic Burn of Tax Tokens: Modify the burn function so that if feeCollector is address(0), the calculated taxAmount is automatically burned rather than skipped.
To fix this issue, we need to ensure that the burn tax is always applied, regardless of whether feeCollector is set or not. If feeCollector is zero, the tax amount should be burned instead of being sent to feeCollector.
This approach will help secure the burn functionality and maintain the integrity of the token’s economic model.
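The branch described in the proof of concept next to the two recommended mitigations, as an added Solidity sketch that is not the audited contract's code. The minimal ledger, the contract name, BPS, owner, burnAsReported, burnHardened and setFeeCollector are assumptions made for illustration; only feeCollector, burnTaxRate and taxAmount are names taken from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added sketch, not the audited contract: a minimal ledger instead of a full ERC-20.
// Only feeCollector, burnTaxRate and taxAmount are names from the finding.
contract BurnTaxSketch {
    uint256 public constant BPS = 10_000; // assumed: burnTaxRate is in basis points
    address public immutable owner;
    address public feeCollector;
    uint256 public burnTaxRate;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    constructor(address collector, uint256 rate, uint256 supply) {
        require(rate <= BPS, "rate too high");
        owner = msg.sender;
        feeCollector = collector; // zero accepted here only to reproduce the finding
        burnTaxRate = rate;
        totalSupply = supply;
        balanceOf[msg.sender] = supply;
    }

    // Behaviour described in the finding: when feeCollector is address(0) the tax
    // branch is skipped, so taxAmount stays in the caller's balance.
    function burnAsReported(uint256 amount) external {
        uint256 taxAmount = (amount * burnTaxRate) / BPS;
        _burn(msg.sender, amount - taxAmount);
        if (taxAmount > 0 && feeCollector != address(0)) _move(msg.sender, feeCollector, taxAmount);
    }

    // Second mitigation: the caller always parts with the full amount; the tax is
    // burned when there is no collector to receive it.
    function burnHardened(uint256 amount) external {
        uint256 taxAmount = (amount * burnTaxRate) / BPS;
        _burn(msg.sender, amount - taxAmount);
        if (taxAmount == 0) return;
        if (feeCollector != address(0)) _move(msg.sender, feeCollector, taxAmount);
        else _burn(msg.sender, taxAmount);
    }

    // First mitigation: a setter that rejects the zero address.
    function setFeeCollector(address collector) external {
        require(msg.sender == owner, "not owner");
        require(collector != address(0), "zero fee collector");
        feeCollector = collector;
    }

    function _burn(address from, uint256 value) internal { balanceOf[from] -= value; totalSupply -= value; }
    function _move(address from, address to, uint256 value) internal { balanceOf[from] -= value; balanceOf[to] += value; }
}
```

A unit test for the fix can assert that, with feeCollector unset, the caller's balance and totalSupply both drop by the full amount passed to the burn call.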