Core Contracts

Summary

RAACToken directly transfers the swap fee and burn fee to the feeCollector address instead of calling the collectFee function in the FeeCollector contract. This prevents FeeCollector from correctly recording these fees and subsequently distributing them. As a result, the fees can only be withdrawn through the emergencyWithdraw function.

Vulnerability Details

RAACToken implements a transaction tax and burn tax mechanism, where a portion of the fees should be processed and distributed through the FeeCollector contract.

However, after calculating the tax fees, RAACToken uses _transfer or _update to directly transfer the fees to FeeCollector instead of calling FeeCollector::collectFee.

In the FeeCollector contract, the collectFee function is responsible for updating the collectedFees data structure, ensuring proper tracking and later distribution. Since RAACToken does not call collectFee, these fees are not recorded by FeeCollector, preventing them from entering the normal distribution process.

As a result, untracked fees accumulate within FeeCollector and can only be withdrawn through the emergencyWithdraw function.

Impact

The swap and burn tax fees collected from RAACToken transactions remain locked in the FeeCollector contract and can only be withdrawn via emergencyWithdraw to the treasury, bypassing the intended proportional distribution mechanism.

Tools Used

Manual

Recommendations

Modify the RAACToken contract to call feeCollector.collectFee() when collecting fees instead of directly transferring funds to the FeeCollector address.