Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Improper Handling of Burn Tax in RAACToken Contract

Summary

The burn function in the RAACToken contract is intended to burn a specified amount of tokens while applying a burn tax that is sent to a designated fee collector. However, if the fee collector is not assigned, the function fails to burn the full amount from the user, resulting in an incorrect burn operation.

Vulnerability Details

If the feeCollector is not assigned (i.e., it is the zero address), the tax amount is not transferred, and the function does not burn this portion from the user's balance. This results in a smaller amount being burned than intended.

    function burn(uint256 amount) external {
        uint256 taxAmount = amount.percentMul(burnTaxRate);
        _burn(msg.sender, amount - taxAmount);
        if (taxAmount > 0 && feeCollector != address(0)) {
            //@audit not burned if fee collector is zero
            _transfer(msg.sender, feeCollector, taxAmount);
        }
    }

Impact

The intended amount of tokens is not fully burned from the user's balance.

Tools Used

Manual

Recommendations

Modify the burn function to ensure that the full amount is burned from the user's balance, regardless of whether the feeCollector is set. If the feeCollector is not set, the tax amount should also be burned.
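
One way to implement this recommendation, as an added example rather than the project's own code: a minimal stand-alone ledger that keeps only the state `burn` touches. The contract name `BurnTaxSketch`, the `BPS` constant, the constructor, and the basis-point division standing in for `percentMul` are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not RAACToken itself. Only burn, burnTaxRate and
// feeCollector are names from the finding; everything else is hypothetical.
contract BurnTaxSketch {
    // Assumption: burnTaxRate is expressed in basis points.
    uint256 private constant BPS = 10_000;

    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;
    uint256 public burnTaxRate;
    address public feeCollector;

    constructor(uint256 supply, uint256 taxRateBps, address collector) {
        require(taxRateBps <= BPS, "rate too high");
        balanceOf[msg.sender] = supply;
        totalSupply = supply;
        burnTaxRate = taxRateBps;
        feeCollector = collector; // may be address(0)
    }

    function burn(uint256 amount) external {
        require(balanceOf[msg.sender] >= amount, "insufficient balance");

        // Stand-in for amount.percentMul(burnTaxRate).
        uint256 taxAmount = (amount * burnTaxRate) / BPS;

        // With no collector there is nowhere to send the tax, so burn it too.
        uint256 burned = feeCollector == address(0) ? amount : amount - taxAmount;

        // The caller's balance always drops by the full requested amount.
        balanceOf[msg.sender] -= amount;
        totalSupply -= burned;

        // Only the taxed path credits the collector.
        if (burned != amount) {
            balanceOf[feeCollector] += taxAmount;
        }
    }
}
```

In both configurations the caller's balance falls by exactly `amount`; only the split between supply reduction and collector credit changes.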

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACToken::burn incorrectly deducts tax amount but doesn't burn or transfer it when feeCollector is address(0), preventing complete token burns
