The lack of restrictions in the burn function is a medium severity issue that can lead to potential denial of service attacks and unnecessary transactions. Implementing checks for minimum and maximum burn amounts and conducting thorough audits and testing are essential to address this issue and enhance the security and reliability of the contract.
The burn function in the RAACToken contract accepts any amount of tokens, including zero, with no lower or upper bound. This opens the door to potential denial of service (DoS) attacks: a user can call the burn function with a massive amount or repeatedly with zero amounts, producing transactions that perform no useful work, adding load on the contract, and potentially exhausting the gas limit.
Denial of Service: A malicious user can repeatedly call the burn function with zero amounts or a massive amount, causing unnecessary transactions and potentially exhausting the gas limit, leading to a DoS attack.
Unnecessary Transactions: Allowing zero amount burns can lead to unnecessary transactions, increasing the load on the network and the contract.
Loss of Trust: Unrestricted burning can lead to loss of trust in the token and the contract, affecting its credibility and value.
Minimum Burn Amount: Implement a check to ensure that the burned amount is greater than zero.
Maximum Burn Cap: Implement a maximum burn cap to prevent the burning of an excessively large amount of tokens.
Audit and Testing: Conduct a thorough audit and testing of the contract to ensure that the burning logic is correctly implemented and secure.
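As an added example, not the RAACToken contract's own code, the following minimal Solidity token shows an unrestricted burn beside a version that enforces the minimum and maximum checks recommended above. The contract names, the maxBurnAmount parameter, and the custom error types are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Minimal token base (illustrative, not RAACToken). Holds balances and the
/// shared internal burn bookkeeping so the two burn variants below differ
/// only in the checks they apply.
abstract contract MinimalToken {
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 value);

    error InsufficientBalance(uint256 requested, uint256 available);

    constructor(uint256 initialSupply) {
        totalSupply = initialSupply;
        balanceOf[msg.sender] = initialSupply;
        emit Transfer(address(0), msg.sender, initialSupply);
    }

    function _burn(address from, uint256 amount) internal {
        uint256 bal = balanceOf[from];
        if (bal < amount) revert InsufficientBalance(amount, bal);
        unchecked {
            balanceOf[from] = bal - amount; // safe: bal >= amount checked above
        }
        totalSupply -= amount;
        emit Transfer(from, address(0), amount);
    }
}

/// "Before": burn accepts any amount, including zero. A zero burn succeeds,
/// emits an event, and changes nothing, which is the pattern the finding
/// describes.
contract UnrestrictedBurnToken is MinimalToken {
    constructor(uint256 initialSupply) MinimalToken(initialSupply) {}

    function burn(uint256 amount) external {
        _burn(msg.sender, amount);
    }
}

/// "After": burn rejects zero amounts and amounts above a per-call cap.
/// maxBurnAmount is an assumed constructor parameter; a project would pick
/// a cap appropriate to its supply and tokenomics.
contract CappedBurnToken is MinimalToken {
    uint256 public immutable maxBurnAmount;

    error ZeroBurnAmount();
    error BurnExceedsCap(uint256 requested, uint256 cap);

    constructor(uint256 initialSupply, uint256 _maxBurnAmount)
        MinimalToken(initialSupply)
    {
        require(_maxBurnAmount > 0, "cap must be positive");
        maxBurnAmount = _maxBurnAmount;
    }

    function burn(uint256 amount) external {
        // Minimum burn amount: reject no-op zero burns before any state access.
        if (amount == 0) revert ZeroBurnAmount();
        // Maximum burn cap: reject a single excessively large burn.
        if (amount > maxBurnAmount) revert BurnExceedsCap(amount, maxBurnAmount);
        _burn(msg.sender, amount);
    }
}
```

Both checks run before any storage is read, so a rejected call reverts early with a descriptive custom error, and the revert itself is cheap. A test suite for the hardened contract should cover three cases: a zero burn reverts with ZeroBurnAmount, a burn above the cap reverts with BurnExceedsCap, and a burn within bounds reduces both the caller's balance and totalSupply by exactly the requested amount.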