Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Not all fees can be paid in `RAACToken`

ke1caM

Summary

FeeCollector is a contract implemented to collect fees from various protocol's products and functionalities. FeeCollector is created to interact only with RAACToken but some fees in other contracts are expected to be paid in other tokens since these contracts do not interact with RAACToken.

Vulnerability Details

As we can see collectFee function in FeeCollector can only take fee in RAACToken.

function collectFee(uint256 amount, uint8 feeType) external override nonReentrant whenNotPaused returns (bool) {
if (amount == 0 || amount > MAX_FEE_AMOUNT) revert InvalidFeeAmount();
if (feeType > 7) revert InvalidFeeType();
// Transfer tokens from sender
raacToken.safeTransferFrom(msg.sender, address(this), amount);
// Update collected fees
_updateCollectedFees(amount, feeType);
emit FeeCollected(feeType, amount);
return true;
}

FeeCollector has fee type number 1 (Lending Fees (1): Lending/borrowing activities) which should be charged in LendingPool contract. The issue is that the LendingPool contract does not handle RAACToken in any way, so the charged fees can't be sent and distributed in the FeeCollector contract.

Impact

Charged fees can't be sent and redistributed in the FeeCollector. Protocol does not work as intended and rewards recipients will not recieve their part of the expected rewards due to lack of functionality to handle tokens different than RAACToken.

Tools Used

Manual Review, Hardhat

Recommendations

Change LendingPool in a way that it can pay fees in RAACToken or change FeeCollector so it can receive and distiribute rewards in different tokens.

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Too generic

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.