Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

`RAACToken` can't manage whitelists and increment tax rates due to `onlyOwner` modifiers

Summary

Looking at the RAAC codebase, we can see that the RAACMinter contract is meant to be the owner of the RAACToken contract. RAACToken inherits OZ's Ownable contract, which means it can have only one owner at a time. However, with the current set-up of RAACMinter, there is no way to update the token's whitelist or its tax rate increment limit, because RAACMinter does not expose any function that calls those setters.

Vulnerability Details

Looking at the code in RAACMinter, we can see that it is meant to be the caller of the `onlyOwner` setters in RAACToken, each exposed behind `UPDATER_ROLE`:

```solidity
// Fragment of RAACMinter: wrappers around RAACToken's onlyOwner setters
/**
 * @dev Sets the swap tax rate for the RAAC token
 * @param _swapTaxRate The new swap tax rate to be set
 * @notice Only the contract owner can call this function
 * @notice This function updates the swap tax rate in the RAAC token contract
 */
function setSwapTaxRate(uint256 _swapTaxRate) external onlyRole(UPDATER_ROLE) {
    if (_swapTaxRate > 1000) revert SwapTaxRateExceedsLimit();
    raacToken.setSwapTaxRate(_swapTaxRate);
    emit ParameterUpdated("swapTaxRate", _swapTaxRate);
}

/**
 * @dev Sets the burn tax rate for the RAAC token
 * @param _burnTaxRate The new burn tax rate to be set
 * @notice Only the contract owner can call this function
 * @notice This function updates the burn tax rate in the RAAC token contract
 */
function setBurnTaxRate(uint256 _burnTaxRate) external onlyRole(UPDATER_ROLE) {
    if (_burnTaxRate > 1000) revert BurnTaxRateExceedsLimit();
    raacToken.setBurnTaxRate(_burnTaxRate);
    emit ParameterUpdated("burnTaxRate", _burnTaxRate);
}

/**
 * @dev Sets the fee collector address
 * @param _feeCollector The address of the new fee collector
 * @notice Only the contract owner can call this function
 * @notice This function updates the fee collector address in the RAAC token contract
 */
function setFeeCollector(address _feeCollector) external onlyRole(UPDATER_ROLE) {
    if (_feeCollector == address(0)) revert FeeCollectorCannotBeZeroAddress();
    raacToken.setFeeCollector(_feeCollector);
    emit ParameterUpdated("feeCollector", uint256(uint160(_feeCollector)));
}
```

If this is the intended design, then RAACMinter needs to be set as the owner of RAACToken. However, once that is done, the `setTaxRateIncrementLimit()` and `manageWhitelist()` functions can no longer be called by anyone, because RAACMinter (the sole owner) never calls them.

Impact

Inability to update crucial state variables in RAACToken.

Tools Used

Manual review.

Recommendations

Implement `UPDATER_ROLE`-gated wrapper functions in RAACMinter for RAACToken's `setTaxRateIncrementLimit` and `manageWhitelist` `onlyOwner` functions.
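One way to implement that recommendation, as an added example that is not the project's own code: the parameter names and the exact signatures of `manageWhitelist(address,bool)` and `setTaxRateIncrementLimit(uint256)` on RAACToken are assumptions, as are the contract name, events and the admin-only `transferTokenOwnership` escape hatch (the judge's finding tag also notes the missing ownership transfer path).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/access/AccessControl.sol";

// Assumed interface of the onlyOwner setters on RAACToken (signatures are
// assumptions for this example; check them against the real contract).
interface IRAACTokenAdmin {
    function manageWhitelist(address account, bool add) external;
    function setTaxRateIncrementLimit(uint256 limit) external;
    function transferOwnership(address newOwner) external; // OZ Ownable
}

contract RAACMinterAdminExample is AccessControl {
    bytes32 public constant UPDATER_ROLE = keccak256("UPDATER_ROLE");
    IRAACTokenAdmin public immutable raacToken;

    event ParameterUpdated(string parameter, uint256 value);
    event WhitelistUpdated(address indexed account, bool added);
    event TokenOwnershipTransferred(address indexed newOwner);

    error ZeroAddress();

    constructor(address _raacToken, address admin) {
        if (_raacToken == address(0) || admin == address(0)) revert ZeroAddress();
        raacToken = IRAACTokenAdmin(_raacToken);
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(UPDATER_ROLE, admin);
    }

    // Forwards whitelist changes; without this wrapper the setter is unreachable
    // once the minter is the token's sole owner.
    function manageWhitelist(address account, bool add) external onlyRole(UPDATER_ROLE) {
        if (account == address(0)) revert ZeroAddress();
        raacToken.manageWhitelist(account, add);
        emit WhitelistUpdated(account, add);
    }

    // Same pattern as the existing setSwapTaxRate / setBurnTaxRate wrappers.
    function setTaxRateIncrementLimit(uint256 limit) external onlyRole(UPDATER_ROLE) {
        raacToken.setTaxRateIncrementLimit(limit);
        emit ParameterUpdated("taxRateIncrementLimit", limit);
    }

    // Escape hatch so ownership is not stuck forever; admin-only, not UPDATER_ROLE.
    function transferTokenOwnership(address newOwner) external onlyRole(DEFAULT_ADMIN_ROLE) {
        if (newOwner == address(0)) revert ZeroAddress();
        raacToken.transferOwnership(newOwner);
        emit TokenOwnershipTransferred(newOwner);
    }
}
```

Any future `onlyOwner` setter added to RAACToken needs a matching wrapper here, otherwise the same lock-out recurs.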

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter lacks critical ownership transfer functionality and parameter management after receiving RAACToken ownership, causing permanent protocol rigidity

