Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

`RAACToken` onlyOwner functions will be unusable and require the `onlyMinter` modifier

Summary

Some RAACToken functionalities will be unusable.

Vulnerability Details

1️⃣ As can be seen here in RAACToken::constructor(), the FeeCollector contract is meant to be the initialOwner. Yet the FeeCollector has 0 logic calling the RAACToken contract. This means that any onlyOwner function on the RAACToken contract will be unusable. Devs have also confirmed via private message on Discord that the initial owner is indeed FeeCollector.

2️⃣ We can also see that functions like RAACToken::setSwapTaxRate() onlyOwner or RAACToken::setBurnTaxRate() onlyOwner are actually called from the RAACMinter here. This leads one to think that either at some point in the future RAACMinter will be the owner (which is impossible if FeeCollector is the initial admin), or that the modifier is wrongly coded and it should be the existing onlyMinter one.

Due to the lack of sufficient documentation, I can't know what the intended behaviours are for all these functions. But they are clearly wrong and contradictory.

Impact

  • Some or all RAACToken onlyOwner functionalities will be unusable.

  • The onlyMinter modifier exists but is never used; this was probably a mistake, and the 2 functions named were meant to have it.

Anyway, important functions from the RAACToken contract are unusable and wrongly coded.

Recommendations

  • Add logic to the FeeCollector so it can interact with the contracts it owns.

  • Or make another contract the owner of the RAACToken contract.

  • Use the coded but unused onlyMinter modifier on the RAACToken contract.
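
The access-control mismatch described in this submission, reduced to stand-in contracts (an added example, not part of the submission or the RAAC code base). `TokenSketch`, `FeeCollectorSketch`, `MinterSketch`, `updateSwapTax`, `updateBurnTax` and the two-argument constructor are assumptions; `setBurnTaxRate` carries `onlyMinter` here only to contrast with the reported `onlyOwner` guard.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Stand-in contracts: every name ending in "Sketch" and every body is an
// assumption made for illustration, not RAAC code.
contract TokenSketch {
    address public owner;
    address public minter;
    uint256 public swapTaxRate;
    uint256 public burnTaxRate;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }
    modifier onlyMinter() {
        require(msg.sender == minter, "not minter");
        _;
    }

    constructor(address initialOwner, address initialMinter) {
        owner = initialOwner;   // the fee collector, as in the finding
        minter = initialMinter;
    }

    // Guard as reported: only the owner may call, yet the caller is the minter.
    function setSwapTaxRate(uint256 rate) external onlyOwner {
        swapTaxRate = rate;
    }

    // Guard from the third recommendation: the minter may call.
    function setBurnTaxRate(uint256 rate) external onlyMinter {
        burnTaxRate = rate;
    }
}

// Owns the token but has no function that calls it, so nothing guarded by
// onlyOwner on the token can ever execute.
contract FeeCollectorSketch {}

contract MinterSketch {
    TokenSketch public immutable token;

    constructor(address feeCollector) {
        token = new TokenSketch(feeCollector, address(this));
    }
    // Reverts with "not owner": msg.sender at the token is this contract.
    function updateSwapTax(uint256 rate) external { token.setSwapTaxRate(rate); }
    // Succeeds: this contract is the token's minter.
    function updateBurnTax(uint256 rate) external { token.setBurnTaxRate(rate); }
}
```

Deploying `FeeCollectorSketch`, then `MinterSketch` with the collector's address, and calling both `update*` functions shows the first reverting and the second succeeding.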

Updates

Lead Judging Commences

inallhonesty Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter lacks critical ownership transfer functionality and parameter management after receiving RAACToken ownership, causing permanent protocol rigidity
