Regnum Aurum Acquisition Corp
77,280 USDC
Submission Details
Severity: medium
Valid

Some restricted functions of the RAACToken contract are unusable

Summary

A flaw in the RAACToken::setFeeCollector function makes some restricted functions of the RAACToken contract unusable.

Vulnerability Details

The RAACToken contract has several restricted functions. Only the owner can call the RAACToken::setFeeCollector function and only the minter can call the RAACToken::mint function. The minter (the RAACMinter contract) needs to be able to call both of these functions to operate correctly.

File: https://github.com/Cyfrin/2025-02-raac/blob/dd5516a9b318b797f82015ee63170d9064514b16/contracts/core/minters/RAACMinter/RAACMinter.sol#L170-L193
    function setFeeCollector(address _feeCollector) external onlyRole(UPDATER_ROLE) {
        if (_feeCollector == address(0)) revert FeeCollectorCannotBeZeroAddress();
@->     raacToken.setFeeCollector(_feeCollector);
        emit ParameterUpdated("feeCollector", uint256(uint160(_feeCollector)));
    }

    /**
     * @dev Mints RAAC rewards to a specified address
     * @param to Address to receive the minted RAAC tokens
     * @param amount Amount of RAAC tokens to mint
     */
    function mintRewards(address to, uint256 amount) external nonReentrant whenNotPaused {
        if (msg.sender != address(stabilityPool)) revert OnlyStabilityPool();
        uint256 toMint = excessTokens >= amount ? 0 : amount - excessTokens;
        excessTokens = excessTokens >= amount ? excessTokens - amount : 0;
        if (toMint > 0) {
@->         raacToken.mint(address(this), toMint);
        }
        raacToken.safeTransfer(to, amount);
        emit RAACMinted(amount);
    }

If RAACMinter is both the minter and the owner, it needs to be able to call all the restricted functions of the RAACToken contract, including manageWhitelist(), setTaxRateIncrementLimit() and setMinter(). However, there is no way in the RAACMinter contract to call these functions on the RAACToken contract, making them unusable. It is even impossible to change the owner of RAACToken in that case, since there is no function in RAACMinter allowing it to transfer the ownership of RAACToken.

If instead the minter is not the owner, then it is the RAACToken::mint function that is unusable, making the protocol unable to mint users' rewards.
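The access-control mismatch in compilable form, added here as an illustration with simplified stand-in contracts (Token, Minter and Demo are constructed for this example and are not the RAAC code). It shows that a minter which is not the owner can call mint() but not an owner-only setFeeCollector(), and that gating setFeeCollector() on "owner or minter" resolves it:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal stand-ins for RAACToken and RAACMinter (constructed for this
// example; the real contracts carry far more state and checks).
contract Token {
    address public owner;
    address public minter;
    address public feeCollector;
    error OnlyOwner();
    error OnlyMinter();
    error OnlyOwnerOrMinter();

    constructor(address _minter) { owner = msg.sender; minter = _minter; }

    // Original gating: owner-only, so a minter that is not the owner is locked out.
    function setFeeCollectorOwnerOnly(address c) external {
        if (msg.sender != owner) revert OnlyOwner();
        feeCollector = c;
    }
    // Proposed gating: revert only when the caller holds neither role. Note the
    // `&&`; with `||` every caller would be rejected unless owner == minter.
    function setFeeCollector(address c) external {
        if (msg.sender != owner && msg.sender != minter) revert OnlyOwnerOrMinter();
        feeCollector = c;
    }
    function mint(address, uint256) external view {
        if (msg.sender != minter) revert OnlyMinter();
    }
}

// The minter-role contract needs every one of these calls to succeed.
contract Minter {
    function tryCalls(Token t) external returns (bool mintOk, bool oldSetOk, bool newSetOk) {
        try t.mint(address(this), 1) { mintOk = true; } catch {}
        try t.setFeeCollectorOwnerOnly(address(1)) { oldSetOk = true; } catch {}
        try t.setFeeCollector(address(1)) { newSetOk = true; } catch {}
    }
}

// Deploys the pair with owner (Demo) != minter and exercises the calls.
contract Demo {
    Minter public minter;
    Token public token;
    constructor() { minter = new Minter(); token = new Token(address(minter)); }
    // Expected: mintOk = true, oldSetOk = false, newSetOk = true.
    function run() external returns (bool, bool, bool) { return minter.tryCalls(token); }
}
```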

Impact

Either the mint function or some other restricted function is unusable, depending on whether the minter is the owner or not.

Tools Used

Manual review.

Recommendations

Make the RAACToken::setFeeCollector function callable by the minter.
Consider the following changes.

File: https://github.com/Cyfrin/2025-02-raac/blob/dd5516a9b318b797f82015ee63170d9064514b16/contracts/interfaces/core/tokens/IRAACToken.sol
+ error OnlyOwnerOrMinterCanCallThisFunction();
File: https://github.com/Cyfrin/2025-02-raac/blob/dd5516a9b318b797f82015ee63170d9064514b16/contracts/core/tokens/RAACToken.sol
+ modifier onlyOwnerOrMinter() {
+ if (msg.sender != minter || msg.sender != owner) revert OnlyOwnerOrMinterCanCallThisFunction();
+ _;
+ }
- function setFeeCollector(address _feeCollector) external onlyOwner {
+ function setFeeCollector(address _feeCollector) external onlyOwnerOrMinter {
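Review bot: the condition in the proposed onlyOwnerOrMinter modifier is inverted: `msg.sender != minter || msg.sender != owner` is true for every caller unless minter and owner are the same address, so the modifier would reject both roles and leave setFeeCollector uncallable. Reject only callers that hold neither role: `if (msg.sender != minter && msg.sender != owner) revert OnlyOwnerOrMinterCanCallThisFunction();`. Also, if RAACToken takes its onlyOwner from OpenZeppelin's Ownable, the owner is read via `owner()` rather than a bare `owner` identifier.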
Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter lacks critical ownership transfer functionality and parameter management after receiving RAACToken ownership, causing permanent protocol rigidity

