Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Unexpected Tax Application in Burn Function Causes User Confusion in RAACToken

0xluckyluke

Summary

The burn function in the RAACToken contract applies a burnTaxRate to the burned amount, diverting the tax portion to the FeeCollector instead of burning it, while only burning the net amount (amount - taxAmount). This deviates from standard ERC20 burn behavior, where the entire amount is typically removed from circulation without generating fees. This unusual design may confuse users expecting full supply reduction.

Vulnerability Details

The vulnerability lies in the burn function of the RAACToken contract:

function burn(uint256 amount) external {
uint256 taxAmount = amount.percentMul(burnTaxRate);
_burn(msg.sender, amount - taxAmount);
if (taxAmount > 0 && feeCollector != address(0)) {
_transfer(msg.sender, feeCollector, taxAmount);
}
}

https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/tokens/RAACToken.sol#L80-L86

Impact

User Confusion: Users expect burns to fully reduce the token supply (e.g., 100 RAACToken burned = 100 less in total supply), but here, only 99.5 RAACToken is removed, potentially leading to misunderstandings about token economics.

Tools Used

Recommendations

modify the burn function to burn the full amount without applying burnTaxRate:

function burn(uint256 amount) external {
_burn(msg.sender, amount - taxAmount);
}

This aligns with standard ERC20 behavior, ensuring full supply reduction.

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.