In the RAACToken.sol contract, the burn function sends tokens directly to the feeCollector address instead of using the FeeCollector::collectFee function. This can lead to funds being stuck in the feeCollector contract without updating the necessary state variables.
The vulnerability arises from the burn function, which calculates a taxAmount and transfers it directly to the feeCollector address. However, the FeeCollector contract has a collectFee function that updates state variables related to fee collection. By bypassing this function and transferring tokens directly, the feeCollector contract does not update its state variables, leading to stuck funds.
Consider the following scenario:
1. A user burns 1,000 RAAC tokens with a burn tax rate of 5% (50 tokens).
2. The burn function calculates the taxAmount as 50 tokens and transfers them directly to the feeCollector address.
3. The FeeCollector contract does not update its state variables because the collectFee function was not called.
4. The 50 tokens are now stuck in the feeCollector contract without being properly accounted for in the fee collection system.
By transferring tokens directly to the feeCollector address without using the collectFee function, the protocol fails to update the necessary state variables. This can lead to inconsistencies in the fee collection system and potentially stuck funds that cannot be properly managed or distributed. It undermines the integrity of the fee collection mechanism and can lead to financial discrepancies.
Manual Review
To mitigate this vulnerability, update the burn function to use the FeeCollector::collectFee function for transferring the taxAmount to the feeCollector.
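The sketch below is an added illustration, not the RAAC source: it models the direct-transfer pattern next to the collectFee route so the accounting gap can be observed. With the scenario's numbers, burnDirect on 1,000 tokens leaves unaccounted() at 50 tokens, while burnViaCollector leaves it at 0 and accountedFees at 50. The contract names, the collectFee(uint256) signature, accountedFees, unaccounted() and both burn bodies are assumptions made for the example, since the finding does not quote the real code.

```solidity
pragma solidity ^0.8.19;
// Added illustration with hypothetical stand-ins; not the RAAC source.
contract SketchCollector {
    SketchToken public immutable token;
    uint256 public accountedFees; // assumed: the state collectFee maintains
    constructor(SketchToken t) { token = t; }
    // Assumed shape: pull the fee from the caller and record it.
    function collectFee(uint256 amount) external {
        require(token.transferFrom(msg.sender, address(this), amount), "pull failed");
        accountedFees += amount;
    }
    // Tokens held but never recorded; nonzero after a direct transfer.
    function unaccounted() external view returns (uint256) {
        return token.balanceOf(address(this)) - accountedFees;
    }
}

contract SketchToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    SketchCollector public immutable feeCollector;
    uint256 public constant BURN_TAX_BPS = 500; // 5%, as in the scenario
    constructor() {
        balanceOf[msg.sender] = 1e24; // constructed test supply
        feeCollector = new SketchCollector(this);
    }
    function _move(address from, address to, uint256 amt) internal {
        balanceOf[from] -= amt;
        balanceOf[to] += amt;
    }
    function transferFrom(address from, address to, uint256 amt) external returns (bool) {
        allowance[from][msg.sender] -= amt;
        _move(from, to, amt);
        return true;
    }
    // Pattern described in the finding: tax lands in the collector unrecorded.
    function burnDirect(uint256 amount) external {
        uint256 taxAmount = amount * BURN_TAX_BPS / 10_000;
        balanceOf[msg.sender] -= amount - taxAmount; // burned portion
        _move(msg.sender, address(feeCollector), taxAmount);
    }
    // Mitigation: route the tax through collectFee so it is recorded.
    function burnViaCollector(uint256 amount) external {
        uint256 taxAmount = amount * BURN_TAX_BPS / 10_000;
        balanceOf[msg.sender] -= amount - taxAmount; // burned portion
        _move(msg.sender, address(this), taxAmount);
        allowance[address(this)][address(feeCollector)] = taxAmount;
        feeCollector.collectFee(taxAmount);
    }
}
```

A balance-versus-recorded-fees comparison like unaccounted() also works as an invariant in a test suite: any path that moves tokens into the collector without going through collectFee makes it nonzero.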