Whitelisted Addresses Subject to Tax in burn Function
Summary
The issue of whitelisted addresses being subject to tax in the burn function is a medium severity issue that can lead to unintended financial impact and loss of trust. Implementing a whitelist check and conducting thorough audits and testing are essential to address this issue and enhance the security and reliability of the contract.
Vulnerability Details
The burn function in the RAACToken contract applies a tax to all addresses, including whitelisted addresses that are intended to make tax-free transfers. This can lead to unintended financial impact on whitelisted addresses, which are supposed to be exempt from the tax. The function should check if the address is whitelisted before applying the tax.
Impact
Unintended Financial Impact: Whitelisted addresses, which are supposed to be exempt from the tax, are incorrectly subjected to the tax, leading to unintended financial impact.
Loss of Trust: The incorrect application of the tax can lead to loss of trust in the token and the contract, affecting its credibility and value.
Tools Used
Recommendations
Whitelist Check: Implement a check to ensure that whitelisted addresses are exempt from the tax.
Audit and Testing: Conduct a thorough audit and testing of the contract to ensure that the tax logic is correctly implemented and secure.
Lead Judging Commences
RAACToken::burn doesn't check if msg.sender is whitelisted, causing whitelisted users to pay burn taxes despite being exempt from transfer taxes
By Design according to the sponsor
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.