Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Incorrect Fee Type Initialization in `FeeCollector::_initializeFeeTypes` Function

roccomania

https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/core/collectors/FeeCollector.sol#L379-L394

Summary

The FeeCollector::_initializeFeeTypes function in the contract contains incorrect calculations for fee distributions, specifically for Buy/Sell Swap Tax and NFT Royalty Fees. The values assigned to veRAACShare, burnShare, and repairShare are incorrectly scaled, leading to unintended fee distributions. This is a low-severity issue as it does not directly impact security but could cause financial discrepancies in fee allocations.

Vulnerability Details

Explanation

The _initializeFeeTypes function initializes fee distributions for various protocol activities. However, the calculations for Buy/Sell Swap Tax and NFT Royalty Fees are incorrect. The function uses a basis points system (where 10000 = 100%), but the values assigned for these fee types are incorrectly scaled. For example:

  • 0.5% should be represented as 50 basis points, but the code uses 500.

  • 1.0% should be represented as 100 basis points, but the code uses 1000.

This results in fee distributions in FeeCollector::_calculateDistribution that are 10 times larger than intended, leading to incorrect allocations of funds.

Root Cause in the Contract Function

The issue lies in the following sections of the _initializeFeeTypes function:

// Buy/Sell Swap Tax (2% total)
feeTypes[6] = FeeType({
veRAACShare: 500, // Intended: 0.5% (50 basis points), Actual: 5%
burnShare: 500, // Intended: 0.5% (50 basis points), Actual: 5%
repairShare: 1000, // Intended: 1.0% (100 basis points), Actual: 10%
treasuryShare: 0
});
// NFT Royalty Fees (2% total)
feeTypes[7] = FeeType({
veRAACShare: 500, // Intended: 0.5% (50 basis points), Actual: 5%
burnShare: 0,
repairShare: 1000, // Intended: 1.0% (100 basis points), Actual: 10%
treasuryShare: 500 // Intended: 0.5% (50 basis points), Actual: 5%
});

The incorrect scaling of basis points results in:

  • Buy/Sell Swap Tax: A total of 20% (2000 basis points) instead of the intended 2%.

  • NFT Royalty Fees: A total of 20% (2000 basis points) instead of the intended 2%.

Impact

  • Financial Discrepancies: Incorrect fee distributions lead to unintended financial losses for users and misallocation of funds within the protocol.

Tools Used

  • Manual Code Review: The vulnerability was identified through a manual review of the _initializeFeeTypes function.

Recommendations

  1. Correct Basis Points Scaling:

    • Update the _initializeFeeTypes function to use the correct basis points values for Buy/Sell Swap Tax and NFT Royalty Fees.

    // Buy/Sell Swap Tax (2% total)
    feeTypes[6] = FeeType({
    veRAACShare: 50, // 0.5% (50 basis points)
    burnShare: 50, // 0.5% (50 basis points)
    repairShare: 100, // 1.0% (100 basis points)
    treasuryShare: 0
    });
    // NFT Royalty Fees (2% total)
    feeTypes[7] = FeeType({
    veRAACShare: 50, // 0.5% (50 basis points)
    burnShare: 0,
    repairShare: 100, // 1.0% (100 basis points)
    treasuryShare: 50 // 0.5% (50 basis points)
    });
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Fee shares for fee type 6 and 7 inside FeeCollector do not total up to the expected 10000 basis points, this leads to update problems, moreover they are 10x the specifications

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!