incorrect authorization modifier in RAACToken contract
Summary
RAACToken contract functions such as mint/burn/setFeecollector/setSwapTaxRate/setBurnRaxRate shold have modifier "onlyMinter" instead of "onlyOwner"
Vulnerability Details
RAACToken contract functions such as mint/burn/setFeecollector/setSwapTaxRate/setBurnRaxRate are intended to call from minter role. Therefore these functions should utlize "onlyMinter" as modifies instead of "onlyOwner"
Impact
If minter and owner are set to different identity, minter will not be able to call functions such as mint/burn/setFeecollector/setSwapTaxRate/setBurnRaxRate to make appropriate changes.
Tools Used
manual
Recommendations
consider change onlyOwner to onlyMinter in above specified function.
Lead Judging Commences
RAACMinter lacks critical ownership transfer functionality and parameter management after receiving RAACToken ownership, causing permanent protocol rigidity
RAACMinter lacks critical ownership transfer functionality and parameter management after receiving RAACToken ownership, causing permanent protocol rigidity
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.