Core Contracts

Regnum Aurum Acquisition Corp
Tags: Hardhat, Real World Assets, NFT
Prize pool: 77,280 USDC
Submission Details
Severity: medium
Valid

`RAACMinter` is not the owner of `RAACToken` and can't use some of its functions

Summary

RAACMinter implements functions that are meant to forward parameter updates to RAACToken. However, the corresponding functions in RAACToken are guarded by the onlyOwner modifier, not onlyMinter, so the minter cannot call them.

Vulnerability Details

These are the functions implemented in RAACMinter; all of them call into RAACToken.

```solidity
function setSwapTaxRate(uint256 _swapTaxRate) external onlyRole(UPDATER_ROLE) {
    if (_swapTaxRate > 1000) revert SwapTaxRateExceedsLimit();
    raacToken.setSwapTaxRate(_swapTaxRate);
    emit ParameterUpdated("swapTaxRate", _swapTaxRate);
}

function setBurnTaxRate(uint256 _burnTaxRate) external onlyRole(UPDATER_ROLE) {
    if (_burnTaxRate > 1000) revert BurnTaxRateExceedsLimit();
    raacToken.setBurnTaxRate(_burnTaxRate);
    emit ParameterUpdated("burnTaxRate", _burnTaxRate);
}

function setFeeCollector(address _feeCollector) external onlyRole(UPDATER_ROLE) {
    if (_feeCollector == address(0)) revert FeeCollectorCannotBeZeroAddress();
    raacToken.setFeeCollector(_feeCollector);
    emit ParameterUpdated("feeCollector", uint256(uint160(_feeCollector)));
}
```

Looking at the RAACToken implementation, these functions are guarded by the onlyOwner modifier, although the minter is supposed to be able to call them.

```solidity
function setFeeCollector(address _feeCollector) external onlyOwner {
    // Fee collector can be set to zero address to disable fee collection
    if (feeCollector == address(0) && _feeCollector != address(0)) {
        emit FeeCollectionEnabled(_feeCollector);
    }
    if (_feeCollector == address(0)) {
        emit FeeCollectionDisabled();
    }
    feeCollector = _feeCollector;
    emit FeeCollectorSet(_feeCollector);
}

function setSwapTaxRate(uint256 rate) external onlyOwner { _setTaxRate(rate, true); }
function setBurnTaxRate(uint256 rate) external onlyOwner { _setTaxRate(rate, false); }
```

RAACToken implements an onlyMinter modifier, but it is not used to guard these functions, which prevents the minter from calling them.

```solidity
modifier onlyMinter() {
    if (msg.sender != minter) revert OnlyMinterCanMint();
    _;
}
```

Impact

The minter can't call the functions that are meant to be used by the minter, which breaks the minter's expected functionality.

Tools Used

Manual Review, Hardhat

Recommendations

Change the onlyOwner modifier on these RAACToken functions to the onlyMinter modifier.
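The following is an added illustration of the recommended fix, not the project's code: a simplified reconstruction of the two contracts in which the three RAACToken setters that RAACMinter forwards to are guarded by onlyMinter instead of onlyOwner. Only the function, modifier, error and event names quoted in the finding are taken from the page; the Ownable shape, the body of `_setTaxRate`, the `setMinter` wiring, the `updater` stand-in for `UPDATER_ROLE`, and the `TaxRateExceedsLimit` and `NotUpdater` errors are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified reconstruction (not the project's code). The token's setters
// are guarded by onlyMinter, so a correctly wired RAACMinter can reach them.
contract RAACTokenFixed {
    address public owner;
    address public minter;
    address public feeCollector;
    uint256 public swapTaxRate;
    uint256 public burnTaxRate;

    error OnlyOwner();                // assumption
    error OnlyMinterCanMint();        // name as in the finding
    error TaxRateExceedsLimit();      // assumption

    event FeeCollectionEnabled(address indexed feeCollector);
    event FeeCollectionDisabled();
    event FeeCollectorSet(address indexed feeCollector);
    event TaxRateUpdated(bool isSwap, uint256 rate);  // assumption

    modifier onlyOwner() {
        if (msg.sender != owner) revert OnlyOwner();
        _;
    }

    // Same modifier as on the page; after the fix it also guards the setters.
    modifier onlyMinter() {
        if (msg.sender != minter) revert OnlyMinterCanMint();
        _;
    }

    constructor() { owner = msg.sender; }

    // Pointing the token at the minter contract remains an owner-only action
    // (assumed wiring); until it is done, every forwarded call below reverts
    // with OnlyMinterCanMint.
    function setMinter(address _minter) external onlyOwner { minter = _minter; }

    // Before the fix this was `external onlyOwner`, so RAACMinter's call reverted.
    function setFeeCollector(address _feeCollector) external onlyMinter {
        // Fee collector can be set to zero address to disable fee collection
        if (feeCollector == address(0) && _feeCollector != address(0)) {
            emit FeeCollectionEnabled(_feeCollector);
        }
        if (_feeCollector == address(0)) {
            emit FeeCollectionDisabled();
        }
        feeCollector = _feeCollector;
        emit FeeCollectorSet(_feeCollector);
    }

    function setSwapTaxRate(uint256 rate) external onlyMinter { _setTaxRate(rate, true); }
    function setBurnTaxRate(uint256 rate) external onlyMinter { _setTaxRate(rate, false); }

    // Assumed body: the token enforces the bound itself rather than trusting
    // only the caller's check.
    function _setTaxRate(uint256 rate, bool isSwap) internal {
        if (rate > 1000) revert TaxRateExceedsLimit();
        if (isSwap) swapTaxRate = rate; else burnTaxRate = rate;
        emit TaxRateUpdated(isSwap, rate);
    }
}

// Minimal caller mirroring the RAACMinter functions quoted in the finding.
// `updater` stands in for UPDATER_ROLE (assumption).
contract RAACMinterCaller {
    RAACTokenFixed public immutable raacToken;
    address public updater;

    error NotUpdater();                         // assumption
    error SwapTaxRateExceedsLimit();
    error BurnTaxRateExceedsLimit();
    error FeeCollectorCannotBeZeroAddress();
    event ParameterUpdated(string name, uint256 value);

    modifier onlyUpdater() {
        if (msg.sender != updater) revert NotUpdater();
        _;
    }

    constructor(RAACTokenFixed _token) {
        raacToken = _token;
        updater = msg.sender;
    }

    function setSwapTaxRate(uint256 _swapTaxRate) external onlyUpdater {
        if (_swapTaxRate > 1000) revert SwapTaxRateExceedsLimit();
        raacToken.setSwapTaxRate(_swapTaxRate);   // passes once raacToken.minter() == address(this)
        emit ParameterUpdated("swapTaxRate", _swapTaxRate);
    }

    function setBurnTaxRate(uint256 _burnTaxRate) external onlyUpdater {
        if (_burnTaxRate > 1000) revert BurnTaxRateExceedsLimit();
        raacToken.setBurnTaxRate(_burnTaxRate);
        emit ParameterUpdated("burnTaxRate", _burnTaxRate);
    }

    function setFeeCollector(address _feeCollector) external onlyUpdater {
        if (_feeCollector == address(0)) revert FeeCollectorCannotBeZeroAddress();
        raacToken.setFeeCollector(_feeCollector);
        emit ParameterUpdated("feeCollector", uint256(uint160(_feeCollector)));
    }
}
```

Deployment order matters with this fix: the token owner must call `setMinter` with the minter contract's address before any forwarded call succeeds, and a quick Hardhat check is to assert that `setSwapTaxRate` reverts with `OnlyMinterCanMint` before that step and succeeds after it. Switching the guard to onlyMinter also means the owner can no longer adjust these parameters directly; every change now has to go through the minter's role-gated entry points.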

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter lacks critical ownership transfer functionality and parameter management after receiving RAACToken ownership, causing permanent protocol rigidity
