Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC

Submission Details
Severity: medium
Valid

setSwapTaxRate and setBurnTaxRate use the wrong access control

Summary

setSwapTaxRate and setBurnTaxRate use the wrong access control: they are gated with the onlyOwner modifier where an onlyMinter modifier should be used.

Vulnerability Details

The following are the setSwapTaxRate and setBurnTaxRate functions in the RAAC token contract:

function setSwapTaxRate(uint256 rate) external onlyOwner {
    _setTaxRate(rate, true);
}

/**
 * @dev Sets the burn tax rate
 * @param rate The new burn tax rate (in basis points)
 */
function setBurnTaxRate(uint256 rate) external onlyOwner {
    _setTaxRate(rate, false);
}

They use the onlyOwner modifier, and the constructor shows that the fee collector is set to the owner:

constructor(
    address initialOwner,
    uint256 initialSwapTaxRate,
    uint256 initialBurnTaxRate
) ERC20("RAAC Token", "RAAC") Ownable(initialOwner) {
    if (initialOwner == address(0)) revert InvalidAddress();
    feeCollector = initialOwner;

    if (initialSwapTaxRate > MAX_TAX_RATE) revert SwapTaxRateExceedsLimit();
    swapTaxRate = initialSwapTaxRate == 0 ? 100 : initialSwapTaxRate; // default to 1% if 0
    emit SwapTaxRateUpdated(swapTaxRate);

    if (initialBurnTaxRate > MAX_TAX_RATE) revert BurnTaxRateExceedsLimit();
    burnTaxRate = initialBurnTaxRate == 0 ? 50 : initialBurnTaxRate; // default to 0.5% if 0
    emit BurnTaxRateUpdated(burnTaxRate);
}

In addition, the RAAC minter contract has the following functions:

function setSwapTaxRate(uint256 _swapTaxRate) external onlyRole(UPDATER_ROLE) {
    if (_swapTaxRate > 1000) revert SwapTaxRateExceedsLimit();
    raacToken.setSwapTaxRate(_swapTaxRate);
    emit ParameterUpdated("swapTaxRate", _swapTaxRate);
}

/**
 * @dev Sets the burn tax rate for the RAAC token
 * @param _burnTaxRate The new burn tax rate to be set
 * @notice Only the contract owner can call this function
 * @notice This function updates the burn tax rate in the RAAC token contract
 */
function setBurnTaxRate(uint256 _burnTaxRate) external onlyRole(UPDATER_ROLE) {
    if (_burnTaxRate > 1000) revert BurnTaxRateExceedsLimit();
    raacToken.setBurnTaxRate(_burnTaxRate);
    emit ParameterUpdated("burnTaxRate", _burnTaxRate);
}

So it is clear from the above that the minter contract is the caller of these setters, and they should therefore be gated with an onlyMinter modifier rather than onlyOwner.
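To show what the recommended gating looks like, here is an added illustrative token contract (example code written for this page, not the project's RAACToken): the tax setters are guarded by an onlyMinter modifier while whitelist management stays owner-only. The `minter` state variable, `setMinter`, `onlyMinter`, `OnlyMinter` and the MAX_TAX_RATE value of 1000 are assumptions chosen for the example; the page does not show how RAACToken stores its minter.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. Assumes the token records a single
// minter contract (hypothetical `minter` variable) that the owner wires up
// once, so the minter's UPDATER_ROLE path to the tax setters works without
// the minter also having to own the token.

import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/access/Ownable.sol";

contract TaxedTokenExample is ERC20, Ownable {
    // Assumed limit: 10% expressed in basis points, matching the minter's 1000 check.
    uint256 public constant MAX_TAX_RATE = 1000;

    address public minter;          // hypothetical: the RAACMinter-style contract
    uint256 public swapTaxRate;
    uint256 public burnTaxRate;
    mapping(address => bool) public whitelistAddress;

    error InvalidAddress();
    error OnlyMinter();
    error SwapTaxRateExceedsLimit();
    error BurnTaxRateExceedsLimit();

    event MinterSet(address indexed minter);
    event SwapTaxRateUpdated(uint256 rate);
    event BurnTaxRateUpdated(uint256 rate);
    event WhitelistUpdated(address indexed account, bool added);

    // Gate for functions the minter contract is expected to call.
    modifier onlyMinter() {
        if (msg.sender != minter) revert OnlyMinter();
        _;
    }

    constructor(address initialOwner)
        ERC20("Example Token", "EXM")
        Ownable(initialOwner)
    {
        if (initialOwner == address(0)) revert InvalidAddress();
    }

    // Owner-only wiring of the minter contract; ownership itself is not handed over.
    function setMinter(address _minter) external onlyOwner {
        if (_minter == address(0)) revert InvalidAddress();
        minter = _minter;
        emit MinterSet(_minter);
    }

    // Tax setters gated on the minter instead of the owner, as the finding recommends.
    function setSwapTaxRate(uint256 rate) external onlyMinter {
        if (rate > MAX_TAX_RATE) revert SwapTaxRateExceedsLimit();
        swapTaxRate = rate;
        emit SwapTaxRateUpdated(rate);
    }

    function setBurnTaxRate(uint256 rate) external onlyMinter {
        if (rate > MAX_TAX_RATE) revert BurnTaxRateExceedsLimit();
        burnTaxRate = rate;
        emit BurnTaxRateUpdated(rate);
    }

    // Whitelist management remains with the owner, so it stays usable even
    // though the minter, not the owner, controls the tax rates.
    function manageWhitelist(address account, bool add) external onlyOwner {
        if (account == address(0)) revert InvalidAddress();
        whitelistAddress[account] = add;
        emit WhitelistUpdated(account, add);
    }
}
```

With this split, the minter's UPDATER_ROLE holders can change the tax rates through RAACMinter-style wrappers, while the owner keeps the whitelist and the ability to re-point `minter` if the minter contract is ever replaced.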

Further supporting this finding, the minter cannot be the owner of the RAAC token: if the minter were also the owner, the following whitelisting functionality would be useless, because the minter has no function to update the whitelisted addresses.

function manageWhitelist(address account, bool add) external onlyOwner {
    if (add) {
        if (account == address(0)) revert CannotWhitelistZeroAddress();
        if (whitelistAddress[account]) revert AddressAlreadyWhitelisted();
        emit AddressWhitelisted(account);
    } else {
        if (account == address(0)) revert CannotRemoveZeroAddressFromWhitelist();
        if (!whitelistAddress[account]) revert AddressNotWhitelisted();
        emit AddressRemovedFromWhitelist(account);
    }
    whitelistAddress[account] = add;
}

Impact

Tools Used

Recommendations

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter lacks critical ownership transfer functionality and parameter management after receiving RAACToken ownership, causing permanent protocol rigidity

