Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

Incorrect Fee Distribution in `FeeCollector::_initializeFeeTypes()` Function

Overview

The _initializeFeeTypes function is responsible for initializing the fee distribution structure for various fee types in the contract. However, there is a critical issue in the fee distribution logic: the sum of the shares for some fee types does not equal 100% (10,000 basis points). This can lead to incorrect fee distribution, economic imbalances, and potential loss of funds.

Vulnerability Details

  1. Functionality of _initializeFeeTypes:

    • The function initializes an array of FeeType structures, each representing a different type of fee (e.g., protocol fees, lending fees, performance fees, etc.).

    • Each FeeType specifies the distribution of fees among four categories:

      • veRAACShare: Share of fees distributed to veRAAC holders.

      • burnShare: Share of fees burned.

      • repairShare: Share of fees allocated to repairs or other purposes.

      • treasuryShare: Share of fees sent to the treasury.

  2. Issue with Fee Distribution:

    • For some fee types, the sum of the shares (veRAACShare, burnShare, repairShare, and treasuryShare) does not equal 10,000 basis points (100%).

    • This inconsistency can lead to:

      • Unallocated Fees: A portion of the fees may remain unallocated, leading to economic imbalances.

      • Incorrect Distribution: Fees may not be distributed as intended, causing losses for stakeholders (e.g., veRAAC holders, treasury, etc.).

      • Economic Exploitation: Malicious actors could exploit the unallocated fees or incorrect distribution logic.

  3. Examples of Incorrect Fee Types:

    • Buy/Sell Swap Tax (FeeType 6):

      • veRAACShare: 500 (0.5%)

      • burnShare: 500 (0.5%)

      • repairShare: 1000 (1.0%)

      • treasuryShare: 0 (0%)

      • Total: 2000 (20%) — Missing 8000 (80%).

    • NFT Royalty Fees (FeeType 7):

      • veRAACShare: 500 (0.5%)

      • burnShare: 0 (0%)

      • repairShare: 1000 (1.0%)

      • treasuryShare: 500 (0.5%)

      • Total: 2000 (20%) — Missing 8000 (80%).

  4. Impact:

    • Unallocated Funds: A significant portion of fees may remain unallocated, leading to funds being stuck in the contract or lost.

    • Economic Loss: Stakeholders (e.g., veRAAC holders, treasury) may not receive their fair share of fees.

    • Contract Inefficiency: The contract's fee distribution mechanism will not function as intended, undermining its purpose and fairness.

Here is the code snippet:

```solidity
// Buy/Sell Swap Tax (2% total)
feeTypes[6] = FeeType({
    veRAACShare: 500, // 0.5%
    burnShare: 500, // 0.5%
    repairShare: 1000, // 1.0%
    treasuryShare: 0 // 0%
});
// NFT Royalty Fees (2% total)
feeTypes[7] = FeeType({
    veRAACShare: 500, // 0.5%
    burnShare: 0, // 0%
    repairShare: 1000, // 1.0%
    treasuryShare: 500 // 0.5%
});
```
  • Issue: The sum of the shares for feeTypes[6] and feeTypes[7] is only 2000 (20%), leaving 8000 (80%) unallocated.

  • Expected Behavior: The sum of the shares for each FeeType should equal 10,000 (100%) to ensure all fees are properly allocated.

Recommendations

To fix this issue, ensure that the sum of the shares for each FeeType equals 10,000 (100%). Here are the steps:

  1. Review and Correct Fee Distributions:

    • For each FeeType, ensure that veRAACShare + burnShare + repairShare + treasuryShare = 10,000.

    • Example for feeTypes[6] (Buy/Sell Swap Tax):

      feeTypes[6] = FeeType({
          veRAACShare: 500, // 0.5%
          burnShare: 500, // 0.5%
          repairShare: 1000, // 1.0%
          treasuryShare: 8000 // 80%
      });

    • Example for feeTypes[7] (NFT Royalty Fees):

      feeTypes[7] = FeeType({
          veRAACShare: 500, // 0.5%
          burnShare: 0, // 0%
          repairShare: 1000, // 1.0%
          treasuryShare: 8500 // 85%
      });

  2. Add Validation:

    • Implement a validation check to ensure that the sum of the shares equals 10,000 for each FeeType.

      require(
          veRAACShare + burnShare + repairShare + treasuryShare == 10_000,
          "Fee distribution must sum to 100%"
      );

  3. Test the Fix:

    • Write unit tests to verify that the fee distributions are correctly initialized and that the validation check works as intended.
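
The validation and test steps above can be modelled off-chain before changing the contract. This is an added example, not code from the FeeCollector contract or its test suite: the share values are copied from this report, while the function names and the split rule `amount * share / 10_000` with integer division are assumptions made for illustration.

```javascript
// Added example: off-chain model of the share-sum check (not the project's code).
const BASIS_POINTS = 10_000n; // 100%, as stated in the report
const SHARE_KEYS = ["veRAACShare", "burnShare", "repairShare", "treasuryShare"];

// Share values as initialized today, copied from the report.
const reportedFeeTypes = {
  6: { veRAACShare: 500n, burnShare: 500n, repairShare: 1000n, treasuryShare: 0n },
  7: { veRAACShare: 500n, burnShare: 0n, repairShare: 1000n, treasuryShare: 500n },
};

// Share values from the report's recommendation.
const recommendedFeeTypes = {
  6: { veRAACShare: 500n, burnShare: 500n, repairShare: 1000n, treasuryShare: 8000n },
  7: { veRAACShare: 500n, burnShare: 0n, repairShare: 1000n, treasuryShare: 8500n },
};

function shareTotal(feeType) {
  return SHARE_KEYS.reduce((sum, key) => sum + feeType[key], 0n);
}

// Mirrors the recommended require(): ids whose shares do not sum to 10,000.
function findInvalidFeeTypes(feeTypes) {
  return Object.entries(feeTypes)
    .filter(([, feeType]) => shareTotal(feeType) !== BASIS_POINTS)
    .map(([id]) => Number(id));
}

// Assumed split rule: floor(amount * share / 10_000) per category.
// Whatever is not assigned to a category is reported as `unallocated`.
function split(amount, feeType) {
  const parts = {};
  let allocated = 0n;
  for (const key of SHARE_KEYS) {
    parts[key] = (amount * feeType[key]) / BASIS_POINTS;
    allocated += parts[key];
  }
  parts.unallocated = amount - allocated;
  return parts;
}

console.log("invalid today:", findInvalidFeeTypes(reportedFeeTypes));
console.log("invalid after fix:", findInvalidFeeTypes(recommendedFeeTypes));
console.log("unallocated of 1,000,000 (type 6, today):",
  split(1_000_000n, reportedFeeTypes[6]).unallocated);
```

Even when the shares sum to 10,000, floor division can leave a remainder of a few units for amounts that are not multiples of 10,000, so a test should compare `unallocated` against that bound rather than only against zero.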

The _initializeFeeTypes function currently initializes fee distributions where the sum of shares does not equal 100% for some fee types. This can lead to unallocated fees, incorrect distributions, and economic imbalances. By ensuring that the sum of shares equals 100% for each FeeType and adding validation checks, the contract will function as intended, ensuring fair and accurate fee distribution. This fix is critical for maintaining the integrity and trustworthiness of the fee distribution mechanism.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Fee shares for fee types 6 and 7 inside FeeCollector do not total up to the expected 10000 basis points; this leads to update problems. Moreover, they are 10x the specifications.
