Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

`RAACToken.setBurnTaxRate()` Has Incorrect Access Control

Summary

The RAACToken.setBurnTaxRate() function is guarded by the onlyOwner modifier, so only the owner of the RAACToken contract can call it. However, the RAACMinter contract, which is not the owner, attempts to invoke this function.

Vulnerability Details

The RAACToken.setBurnTaxRate() function carries the onlyOwner modifier:

```solidity
function setBurnTaxRate(uint256 rate) external onlyOwner {
    _setTaxRate(rate, false);
}
```

However, the RAACMinter contract, which is not the owner of the RAACToken contract, calls RAACToken.setBurnTaxRate(). Inside RAACToken, msg.sender is the RAACMinter contract address, so the onlyOwner check fails and this call will always revert:

```solidity
function setBurnTaxRate(uint256 _burnTaxRate) external onlyRole(UPDATER_ROLE) {
    if (_burnTaxRate > 1000) revert BurnTaxRateExceedsLimit();
    raacToken.setBurnTaxRate(_burnTaxRate); // reverts: RAACMinter is not the owner of raacToken
    emit ParameterUpdated("burnTaxRate", _burnTaxRate);
}
```
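A minimal reproduction of the mismatch, added here as an illustration and not taken from the RAAC codebase (MockToken, MockMinter, Repro and the isUpdater mapping are hypothetical stand-ins): the token's onlyOwner check sees the minter contract as msg.sender, so the minter's call only succeeds once the minter has been made the token's owner.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Stand-in for RAACToken: ownership-gated setter (hypothetical, added for illustration).
contract MockToken {
    address public owner;
    uint256 public burnTaxRate;
    error NotOwner(address caller);

    constructor() { owner = msg.sender; }
    modifier onlyOwner() { if (msg.sender != owner) revert NotOwner(msg.sender); _; }

    function setBurnTaxRate(uint256 rate) external onlyOwner { burnTaxRate = rate; }
    function transferOwnership(address newOwner) external onlyOwner { owner = newOwner; }
}

// Stand-in for RAACMinter: role-gated wrapper that forwards to the token.
contract MockMinter {
    MockToken public immutable token;
    mapping(address => bool) public isUpdater; // stands in for UPDATER_ROLE
    error BurnTaxRateExceedsLimit();

    constructor(MockToken _token) { token = _token; isUpdater[msg.sender] = true; }
    modifier onlyUpdater() { require(isUpdater[msg.sender], "not updater"); _; }

    // Mirrors the reported function: the token sees address(this) as msg.sender,
    // so the forwarded call reverts unless this contract owns the token.
    function setBurnTaxRate(uint256 rate) external onlyUpdater {
        if (rate > 1000) revert BurnTaxRateExceedsLimit();
        token.setBurnTaxRate(rate);
    }
}

// Harness showing the revert before and the success after ownership is handed to the minter.
contract Repro {
    function run() external returns (bool beforeTransfer, bool afterTransfer) {
        MockToken t = new MockToken();    // owner = this Repro contract
        MockMinter m = new MockMinter(t); // updater = this Repro contract
        bytes memory data = abi.encodeWithSelector(m.setBurnTaxRate.selector, uint256(500));

        (beforeTransfer, ) = address(m).call(data); // false: NotOwner(address(m))
        t.transferOwnership(address(m));            // one way to align the access control
        (afterTransfer, ) = address(m).call(data);  // true: burnTaxRate is now 500
    }
}
```

Deploying Repro and calling run() returns (false, true); the fix side is one option and must be weighed against the judge's note that RAACMinter would then need its own way to manage and hand on that ownership.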

Impact

RAACMinter.setBurnTaxRate() will always revert, so the burn tax rate cannot be updated through RAACMinter.

Tools Used

Manual review

Recommendations

Adjust the modifier on RAACToken.setBurnTaxRate() so that the intended caller, RAACMinter, is actually authorized to invoke it.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter lacks critical ownership transfer functionality and parameter management after receiving RAACToken ownership, causing permanent protocol rigidity

