Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

RAACToken _update() burns the tax instead of sending it to the tax receiver, leading to loss of fees by the protocol

Summary

RAACToken _update() burns the tax instead of sending it to the tax receiver, leading to loss of fees. The RAAC token has swap and burn taxes, which we have to think of as fees. That means that every time someone burns or swaps their RAAC tokens, the protocol collects those taxes. Meanwhile, the tax we should collect on a burn tx is actually being burned instead of being collected.

Vulnerability Details

RAACToken.sol

_update()

    function _update(
        address from,
        address to,
        uint256 amount
    ) internal virtual override {
        uint256 baseTax = swapTaxRate + burnTaxRate;
        // Skip tax for whitelisted addresses or when fee collector disabled
        if (baseTax == 0 || from == address(0) || to == address(0) || whitelistAddress[from] || whitelistAddress[to] || feeCollector == address(0)) {
            super._update(from, to, amount);
            return;
        }
        // All other cases where tax is applied
        uint256 totalTax = amount.percentMul(baseTax);
        uint256 burnAmount = totalTax * burnTaxRate / baseTax; //@audit here we get amount that should be taxed as burn tax
        super._update(from, feeCollector, totalTax - burnAmount);
        super._update(from, address(0), burnAmount); //@audit should go to taxCollector
        super._update(from, to, amount - totalTax);
    }

As you can see, it is now burning the tax amount. This custom _update() will be triggered by any transfer between non-whitelisted users and will cause a loss of funds for the protocol.

Impact

Loss of burn tax by the protocol

Tools Used

Manual review

Recommendations

  • super._update(from, feeCollector, burnAmount);
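
The split that the _update() above performs, modelled in Python as an added example (not part of the submission or of the RAAC code base), comparing the contract as written with the recommended change. It assumes rates in basis points and a percentMul that rounds half-up over 10,000; the rates, amount and account names are constructed.

```python
# Added example: ledger model of the taxed path in _update() (not RAAC code).
# Assumptions: rates are basis points; percentMul rounds half-up over 10_000;
# whitelist and zero-address bypasses are not modelled; sample values are constructed.
from collections import defaultdict

BPS = 10_000


def percent_mul(value, bps):
    return (value * bps + BPS // 2) // BPS


def split_transfer(amount, swap_bps, burn_bps):
    """Return (to_collector, burned, to_recipient) as _update() computes them."""
    base = swap_bps + burn_bps
    if base == 0:
        return 0, 0, amount
    total_tax = percent_mul(amount, base)
    burn_amount = total_tax * burn_bps // base  # integer division rounds down
    return total_tax - burn_amount, burn_amount, amount - total_tax


def apply_transfer(balances, supply, amount, swap_bps, burn_bps, burn_to_collector):
    """Move `amount` from alice to bob; return the resulting total supply."""
    fee, burn, net = split_transfer(amount, swap_bps, burn_bps)
    balances["alice"] -= amount
    balances["bob"] += net
    balances["collector"] += fee
    if burn_to_collector:      # the submission's recommended change
        balances["collector"] += burn
    else:                      # as written: _update(from, address(0), burnAmount)
        supply -= burn
    assert sum(balances.values()) == supply  # no tokens created or lost
    return supply


def compare(amount=1_000_100, swap_bps=100, burn_bps=50):
    out = {}
    for label, flag in (("as_written", False), ("recommended", True)):
        balances = defaultdict(int, {"alice": amount})
        supply = apply_transfer(balances, amount, amount, swap_bps, burn_bps, flag)
        out[label] = (balances["collector"], balances["bob"], supply)
    return out


if __name__ == "__main__":
    for label, result in compare().items():
        print(label, "collector/bob/supply =", result)
```

In both variants the recipient receives the same net amount; they differ only in whether burnAmount reduces total supply or is credited to the collector.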

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
