Updating Fees for Buy/Sell tax or NFT Royalty will always revert
Summary
Calling updateFeeType for type 6 (Buy/Sell Swap Tax) and type 7 (NFT Royalty Fees) will always revert, even when providing the expected fee sum of 2000 for these fee types.
Vulnerability Details
The Buy/Sell Swap Tax and the NFT Royalty Fees are initialize with 2000 as a sum of the fees.
However, trying to update these fees will revert since updateFeeType will validate that the news fees sum are equal to 10000. This validation was presumably done to validate all other fee types for which the sum must be equal to 10000.
https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/core/collectors/FeeCollector.sol#L91
Impact
The Buy/Sell Swap Tax and the NFT Royalty Fees will never be able to be updated since calling updateFeeType for these fees types will always revert. The likelyhood can be considered high since updates for these fee types will never work, but the impact can be considered low/medium since the values are already initialized on the constructor (which will call _initializeFeeTypes) and also only the FEE_MANAGER_ROLE is able to call updateFeeType.
Tools Used
Manual Review.
Recommendations
In updateFeeType, add a check if the feeType input is equal to 6 and 7. If it is, then validate that the sum is equal to 2000 instead of 10000. The check for 10000 can be maintained for the remaining fee types. For example, the following solution could be used:
Lead Judging Commences
Fee shares for fee type 6 and 7 inside FeeCollector do not total up to the expected 10000 basis points, this leads to update problems, moreover they are 10x the specifications
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.