The incorrect condition in the update function is a medium-severity issue: it can allow funds to be burned without the intended tax being applied, and it can be misused. Refining the condition and conducting thorough audits and testing are essential to address this issue and improve the security and reliability of the contract. The severity is classified as medium because of the potential financial impact and misuse.
The update function in the RAACToken contract contains a condition that can lead to unintended behavior. Specifically, if the to address is the zero address, the condition becomes true, and the function proceeds to burn funds without applying the tax. Additionally, if a user is not in the whitelistAddress, the condition can still be true, leading to potential misuse. This can result in funds being burned without the intended tax being applied, leading to potential financial loss and misuse.
Fund Burning Without Tax: If the to address is the zero address, funds can be burned without applying the intended tax, leading to potential financial loss.
Potential Misuse: The condition can be true even if a user is not in the whitelistAddress, leading to potential misuse and unintended behavior.
Manual review
Condition Refinement: Refine the condition to ensure that funds are not burned without applying the intended tax, and that only whitelisted addresses are exempt from the tax.
Audit and Testing: Conduct a thorough audit and testing of the contract to ensure that the condition logic is correctly implemented and secure.
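The behaviour described above can be checked with a small model of the exemption logic. This is an added example, not code from the RAACToken contract: the OR-chain in `exempt_flawed`, the refined rule, the 1.5% rate, the `collector` account and all address names are assumptions made for illustration.

```python
ZERO = "0x0"      # stand-in for address(0)
TAX_BPS = 150     # constructed rate (1.5%), not taken from the contract

def exempt_flawed(sender, to, whitelist):
    # Assumed shape of the reported condition: a zero `to`, or a
    # whitelisted address on either side, is enough to skip the tax.
    return (sender == ZERO or to == ZERO
            or sender in whitelist or to in whitelist)

def exempt_refined(sender, to, whitelist):
    # One possible refinement: minting (sender == ZERO) stays untaxed,
    # otherwise only a whitelisted sender is exempt. Burns are taxed.
    return sender == ZERO or sender in whitelist

def update(balances, sender, to, amount, whitelist, exempt):
    """Apply one transfer to `balances`; return the tax charged.

    Sending to ZERO burns the amount (nothing is credited)."""
    if sender != ZERO:
        if balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        balances[sender] -= amount
    tax = 0 if exempt(sender, to, whitelist) else amount * TAX_BPS // 10_000
    if tax:
        balances["collector"] = balances.get("collector", 0) + tax
    if to != ZERO:
        balances[to] = balances.get(to, 0) + amount - tax
    return tax

def compare(sender, to, amount=1000, whitelist=frozenset({"treasury"})):
    """Run the same transfer under both predicates: (flawed_tax, refined_tax)."""
    taxes = []
    for exempt in (exempt_flawed, exempt_refined):
        balances = {"alice": 5000, "treasury": 5000}   # constructed state
        taxes.append(update(balances, sender, to, amount, whitelist, exempt))
    return tuple(taxes)

if __name__ == "__main__":
    cases = [("alice", ZERO), ("alice", "treasury"),
             ("treasury", "bob"), ("alice", "bob")]
    for sender, to in cases:
        print(f"{sender} -> {to}: (flawed, refined) tax = {compare(sender, to)}")
```

A test suite for the real contract would cover the same four cases: burn by a non-whitelisted holder, transfer to a whitelisted recipient, transfer from a whitelisted sender, and an ordinary transfer.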