Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

Incorrect Fee Calculation in _initializeFeeTypes()

ashutoshsb

Summary :
The _initializeFeeTypes() function in the smart contract miscalculates the Buy/Sell Swap Tax and NFT Royalty Fees due to incorrect basis points calculation. The contract follows a BASIS_POINTS system in where 10,000 represents 100%, but the function _initializeFeeTypes() sets fees at 20% instead of the intended 2%, leading to significantly higher fees for users.

Vulnerability Details :
The contract is designed to distribute protocol fees using a basis points system, where values are set out of 10,000. However, in `_initializeFeeTypes()`, the Buy/Sell Swap Tax and NFT Royalty Fees are assigned values corresponding to 20% instead of 2%
in the below code:
veRAACShare, burnShare and treasuryShare is set to 500 which is equal to 5% and repairShare is set to 1000 which is equal to 10% according to the BASIS_POINTS system.
But the intended fees is expecting to be 0.5% and 1%

// Buy/Sell Swap Tax (2% total)

feeTypes[6] = FeeType({

veRAACShare: 500, // 0.5%

burnShare: 500, // 0.5%

repairShare: 1000, // 1.0%

treasuryShare: 0

});

// NFT Royalty Fees (2% total)

feeTypes[7] = FeeType({

veRAACShare: 500, // 0.5%

burnShare: 0,

repairShare: 1000, // 1.0%

treasuryShare: 500 // 0.5%

});

Impact :
Users are charged more by 10 times than the expected amount in both Buy/Sell Swap Tax and NFT Royalty Fees, due to which user loose money and will give a negative impact on the platform’s usability and trust.

Tools Used :
Manual

Recommendations :
Set the fee types correctly as below

// Buy/Sell Swap Tax (2% total)

feeTypes[6] = FeeType({

veRAACShare: 50, // 0.5%

burnShare: 50, // 0.5%

repairShare: 100, // 1.0%

treasuryShare: 0

});

// NFT Royalty Fees (2% total)

feeTypes[7] = FeeType({

veRAACShare: 50, // 0.5%

burnShare: 0,

repairShare: 100, // 1.0%

treasuryShare: 50 // 0.5%

});

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Fee shares for fee type 6 and 7 inside FeeCollector do not total up to the expected 10000 basis points, this leads to update problems, moreover they are 10x the specifications

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.