Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Protocol does not collect expected fees

ke1caM

Summary

FeeCollector is created to receive fees in RAACToken for various activities that user can participate in protocol's ecostystem. These fees are meant to be distributed to recipients such as veRAACToken holders. The issue is that most of these fees are not implemented and collected in the codebase.

Vulnerability Details

If we look at the DOCS the protocol expects to implement 8 types of fees which are meant to be collected are distrbuted to recipients.

1. Protocol Fees (0): General operations
2. Lending Fees (1): Lending/borrowing activities
3. Performance Fees (2): Yield products
4. Insurance Fees (3): NFT loan insurance
5. Mint/Redeem Fees (4): Token operations
6. Vault Fees (5): Vault management
7. Swap Tax (6): Trading operations
8. NFT Royalties (7): NFT transactions

If we closely examine the in-scope contracts we can spot that only Swap Tax is being implemented in RAACToken. Rest of the fees are not implemnted, calculated or transfered to FeeCollector in any form. For example, if we look at Vaults/Gauges implementations, there are no fees that can be charged and trasnfered to FeeCollector.

Impact

Contracts do not implement and collect fees. They do not transfer them to FeeCollector which is expected behaviour as FeeCollector is explicitly created for this function, to collect fees from other contracts. Since it is not done this causes disruption in the protocol as recpients will never receive expected shares of the fees that were meant to be collected.

Tools Used

Manual Review, Hardhat

Recommendations

Implemenent expected fees and transfer them to FeeCollector.

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.