Incomplete Token Burn When Fee Collector Is Not Set
Summary
In the burn() function of the RAACToken contract, when feeCollector is set to address(0), the burning mechanism fails to burn the complete amount of tokens that the user intended to burn. The function calculates a tax amount but only burns amount - taxAmount. When there is no fee collector set, the taxAmount portion remains in the user's balance instead of being burned.
Users attempting to burn tokens when no fee collector is set will have taxAmount tokens remaining in their balance, contrary to their intention to burn the full amount. This creates confusion and requires additional transactions to burn the remaining tokens.
Vulnerability Details
https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/tokens/RAACToken.sol#L83C1-L86C6
Impact
Additional gas costs if users need to make a second transaction to burn the remaining tokens
Recommendations
Lead Judging Commences
RAACToken::burn incorrectly deducts tax amount but doesn't burn or transfer it when feeCollector is address(0), preventing complete token burns
RAACToken::burn incorrectly deducts tax amount but doesn't burn or transfer it when feeCollector is address(0), preventing complete token burns
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.