Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

Invalid fee share initialization enables incorrect fee distribution

0xwhyzee

Description

The FeeCollector::_initializeFeeTypes function sets initial fee type configurations without validating that share percentages sum to 100% (10000 basis points). This creates a discrepancy with the FeeCollector::updateFeeType function which properly validates share totals, allowing invalid initial fee configurations that break core protocol functionality.

Proof of Concept

The contract initializes fee type 6 (Swap Tax) with shares totaling 2000 basis points (20%) instead of 10000:

contracts/core/collectors/FeeCollector.sol

function _initializeFeeTypes() internal {

// Buy/Sell Swap Tax (2% total)

feeTypes[6] = FeeType({

veRAACShare: 500, // 0.5%

burnShare: 500, // 0.5%

repairShare: 1000, // 1.0%

treasuryShare: 0

});

}

To verify the impact:

Deploy contract with default initialization
Collect swap tax fees
Distribute collected fees:

test/unit/core/collectors/FeeCollector.test.js

it('shows invalid distribution from unvalidated initialization', async () => {

// Collect 100 tokens for swap tax (type 6)

await feeCollector.connect(owner).collectFee(ethers.parseEther("100"), 6);

const shares = await feeCollector.calculateDistribution();

const expectedTotal = ethers.parseEther("100");

const actualTotal = shares[0] + shares[1] + shares[2] + shares[3];

// Should be 100% but only 20% distributed

expect(actualTotal).to.be.lt(expectedTotal);

});

Impact

High Severity - Causes permanent protocol fee misallocations:
- 80% of swap tax fees remain stuck in contract
- Treasury/rewards receive incorrect percentages
- Violates core protocol economic model

Recommendation

Add validation to initialization function:

contracts/core/collectors/FeeCollector.sol

function _initializeFeeTypes() internal {

// Initialize fee type 6

FeeType memory swapTax = FeeType({

veRAACShare: 500,

burnShare: 500,

repairShare: 1000,

treasuryShare: 0

});

+ require(swapTax.veRAACShare + swapTax.burnShare + swapTax.repairShare + swapTax.treasuryShare == BASIS_POINTS,

+ "Invalid shares");

feeTypes[6] = swapTax;

}

Correct initial share allocations:

- repairShare: 1000, // 1.0%

+ repairShare: 9000, // 90.0%

- treasuryShare: 0

+ treasuryShare: 0 // Remaining 0%

Create separate initialization function with access control that performs validation checks before setting initial state

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Fee shares for fee type 6 and 7 inside FeeCollector do not total up to the expected 10000 basis points, this leads to update problems, moreover they are 10x the specifications

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.