Submission Details
Severity:
RAACToken.sol have incorrect condition implementation in _update function
Summary
In RAACToken , function _update is using the wrong condition , it uses the address zero and in this condition is updating the function .
Vulnerability Details
In RAACToken , function _update is using the wrong condition , it uses the address zero and in this condition is updating the function .
if (baseTax == 0 || from == address(0) || to == address(0) || whitelistAddress[from] || whitelistAddress[to] || feeCollector == address(0)) {
super._update(from, to, amount); // q why is the condition for from == address(0) here?
return;
function _update(
address from,
address to,
uint256 amount
) internal virtual override {
uint256 baseTax = swapTaxRate + burnTaxRate;
// Skip tax for whitelisted addresses or when fee collector disabled
if (baseTax == 0 || from == address(0) || to == address(0) || whitelistAddress[from] || whitelistAddress[to] || feeCollector == address(0)) {
super._update(from, to, amount); // q why is the condition for from == address(0) here?
return;
}
// All other cases where tax is applied
uint256 totalTax = amount.percentMul(baseTax);
uint256 burnAmount = totalTax * burnTaxRate / baseTax;
super._update(from, feeCollector, totalTax - burnAmount); // q why we are subtracting burnAmount from total tax not from ammount .
super._update(from, address(0), burnAmount);
super._update(from, to, amount - totalTax);
}
Impact
If-else condition will check for address zero and update the function . so , the ammount is diverted in zero account and fund loss will happen
Tools Used
Manual Review
Recommendations
Change the condition .
Do not allow the address zero to make changes .
Updates
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.