Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

RAACMinter Prevents Disabling Fee Collection

aksoy

Summary

The RAAC token contract allows the fee collector to be set to the zero address, effectively disabling fee collection. However, the RAACMinter contract enforces a check that prevents setting the fee collector to the zero address. This inconsistency between the two contracts restricts a key feature of the RAAC token, as owner cannot disable fee collection through the RAACMinter contract.

Vulnerability Details

The RAAC token contract allows the fee collector to be set to the zero address, enabling or disabling fee collection. Which is also mentionet in the docs.

  • Setting the fee collector to the zero address disables fee collection, allowing all transfers to be tax-free

RaacMinter controls RAAC token parameters such as tax rates and fee collector. And when it is set as owner ,contract prevents setting the fee collector to the zero address, reverting with FeeCollectorCannotBeZeroAddress.

function setFeeCollector(address _feeCollector) external onlyRole(UPDATER_ROLE) {
if (_feeCollector == address(0)) revert FeeCollectorCannotBeZeroAddress();
raacToken.setFeeCollector(_feeCollector);
emit ParameterUpdated("feeCollector", uint256(uint160(_feeCollector)));
}

Impact

The RAACMinter contract enforces a stricter validation rule, preventing the use of a feature (disabling fee collection) that is explicitly supported by the RAAC token.

Tools Used

Manual

Recommendations

Remove the zero-address check in the RAACMinter contract to allow disabling fee collection.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter::setFeeCollector prevents disabling fees by blocking zero address assignment

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.