Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

Bypassing Burn Tax via Small Transactions

Summary

The burn function in the contract allows users to burn tokens while applying a burn tax. However, if the amount is small, the calculated taxAmount may round down to 0, allowing users to repeatedly burn small amounts without paying the burn tax. This could lead to tax evasion and disrupt the intended tokenomics.

Vulnerability Details

The function calculates the tax using amount.percentMul(burnTaxRate), which follows this formula:

taxAmount = (amount * burnTaxRate) / 10000

Since Solidity performs integer division, any fractional result is rounded down. If amount is too small, the division may round taxAmount to 0, effectively allowing the user to bypass the burn tax by repeatedly calling burn() with small amounts.

RAACToken.sol burn()

    function burn(uint256 amount) external {
        uint256 taxAmount = amount.percentMul(burnTaxRate); // 20 * 50 / 10 000
        _burn(msg.sender, amount - taxAmount);
        if (taxAmount > 0 && feeCollector != address(0)) {
            _transfer(msg.sender, feeCollector, taxAmount);
        }
    }

Impact

Users can burn tokens without paying tax, breaking the intended deflationary mechanism. The tax mechanism becomes ineffective unless users burn in large amounts.
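To size the rounding gap for a given rate, the following added example (not part of the original submission or of the RAAC code) models the formula above with BigInt arithmetic, using the rate of 50 from the comment in the snippet. The function names are hypothetical, and `taxCeil` is an assumed rounding-up alternative shown only for comparison.

```javascript
// Added model of the report's formula: taxAmount = (amount * burnTaxRate) / 10000.
// Amounts are in the token's smallest unit. All names here are hypothetical.
const BPS = 10000n; // denominator from the formula in the report

// Floor division, matching the rounding the report describes.
function taxFloor(amount, rateBps) {
  return (amount * rateBps) / BPS;
}

// Assumed alternative: round up so every non-zero burn owes at least 1 unit.
function taxCeil(amount, rateBps) {
  return (amount * rateBps + BPS - 1n) / BPS;
}

// Largest amount whose floored tax is zero, i.e. amount * rate <= 9999.
function maxUntaxedAmount(rateBps) {
  if (rateBps <= 0n) throw new RangeError("rate must be positive");
  return (BPS - 1n) / rateBps;
}

// Total tax owed when `total` is burned in calls of `chunk` units each
// (plus one final call for the remainder), under the given rounding rule.
function taxForChunkedBurn(total, chunk, rateBps, taxFn) {
  if (chunk <= 0n) throw new RangeError("chunk must be positive");
  const fullCalls = total / chunk;
  const remainder = total % chunk;
  return fullCalls * taxFn(chunk, rateBps) + taxFn(remainder, rateBps);
}

// Constructed sample values: rate 50 (from the snippet comment), total 1,000,000 units.
const rate = 50n;
const total = 1000000n;
const limit = maxUntaxedAmount(rate);
console.log("largest zero-tax amount:", limit);
console.log("tax, single burn (floor):", taxFloor(total, rate));
console.log("tax, chunked burn (floor):", taxForChunkedBurn(total, limit, rate, taxFloor));
console.log("tax, chunked burn (ceil): ", taxForChunkedBurn(total, limit, rate, taxCeil));
```

With these inputs the zero-tax window is small in absolute terms, which is the figure a reviewer needs when weighing the finding's severity against the token's decimals.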

Tools Used

Manual Review

Recommendations

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
