Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Inconsistency in Tax Rate Validation During Initialization and Updates

0xkann

Summary

The contract RAACTOKEN.SOL applies different validation rules for tax rate settings in the constructor compared to the update functions. While the constructor only checks if the initial tax rates exceed MAX_TAX_RATE, the _setTaxRate function enforces an additional constraint using taxRateIncrementLimit, which limits how much the tax rate can change in a single update.

Vulnerability Details
Constructor Behavior:

  • The constructor only ensures that initialSwapTaxRate and initialBurnTaxRate do not exceed MAX_TAX_RATE.

  • It does not apply any incremental limits, allowing the initial tax rates to be set arbitrarily within the maximum cap.

  • Update Function Behavior:

    • _setTaxRate applies a stricter condition by checking whether the new tax rate exceeds the taxRateIncrementLimit.

If the new rate is more than currentRate + maxChange or is reduced by more than maxChange, the update is reverted with TaxRateChangeExceedsAllowedIncrement.


Inconsistency in Tax Rate Adjustments:

Since the constructor does not enforce taxRateIncrementLimit, the initial tax rate could be set significantly higher or lower than what an owner could later update it to.

This could create a scenario where an extremely high tax rate is set initially, but future owners cannot reduce it below the allowed increment limit in a single transaction.

constructor(
address initialOwner,
uint256 initialSwapTaxRate,
uint256 initialBurnTaxRate
) ERC20("RAAC Token", "RAAC") Ownable(initialOwner) {
if (initialOwner == address(0)) revert InvalidAddress();
feeCollector = initialOwner;
if (initialSwapTaxRate > MAX_TAX_RATE) revert SwapTaxRateExceedsLimit();
swapTaxRate = initialSwapTaxRate == 0 ? 100 : initialSwapTaxRate; // default to 1% if 0
emit SwapTaxRateUpdated(swapTaxRate);
if (initialBurnTaxRate > MAX_TAX_RATE) revert BurnTaxRateExceedsLimit();
burnTaxRate = initialBurnTaxRate == 0 ? 50 : initialBurnTaxRate; // default to 0.5% if 0
emit BurnTaxRateUpdated(burnTaxRate);
}
//.....................//
function setSwapTaxRate(uint256 rate) external onlyOwner { _setTaxRate(rate, true); }
/**
* @dev Sets the burn tax rate
* @param rate The new burn tax rate (in basis points)
*/
function setBurnTaxRate(uint256 rate) external onlyOwner { _setTaxRate(rate, false); }
function _setTaxRate(uint256 newRate, bool isSwapTax) private {
if (newRate > MAX_TAX_RATE) revert TaxRateExceedsLimit();
uint256 currentRate = isSwapTax ? swapTaxRate : burnTaxRate;
if (currentRate != 0) {
uint256 maxChange = currentRate.percentMul(taxRateIncrementLimit);
// Check if the new rate is too high (newRate > currentRate + maxChange) or too low (newRate < currentRate && currentRate - newRate > maxChange) by more than the allowed increment
bool isTooHighOrTooLow = newRate > currentRate + maxChange || newRate < currentRate && currentRate - newRate > maxChange;
if (isTooHighOrTooLow) {
revert TaxRateChangeExceedsAllowedIncrement();
}
}
if (isSwapTax) {
swapTaxRate = newRate;
emit SwapTaxRateUpdated(newRate);
} else {
burnTaxRate = newRate;
emit BurnTaxRateUpdated(newRate);
}
}

Tools Used
Manual Review

Recommendations

Ensure Consistency:

  • Apply taxRateIncrementLimit logic in the constructor to prevent drastic initial values.

  • Alternatively, remove taxRateIncrementLimit in _setTaxRate if unrestricted initial values are intended.

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.