# #46320 \[SC-Low] Executor fee will be stuck in the contract when rejectInvalidRedemption is called **Submitted on May 28th 2025 at 11:26:56 UTC by @Oxgritty for** [**Audit Comp | Flare | FAssets**](https://immunefi.com/audit-competition/audit-comp-flare-fassets) * **Report ID:** #46320 * **Report Type:** Smart Contract * **Report severity:** Low * **Target:** * **Impacts:** * Contract fails to deliver promised returns, but doesn't lose value ## Description ## Brief/Intro * When agent vault owner will call `rejectInvalidRedemption`, to reject the redemption request, request will be deleted without burning executor fee. ## Vulnerability Details * When a redeemer creates a redemption request, he has the option to pay an executor fee with it. This is either paid to the executor, if he calls `confirmRedemptionPayment` with the payment proof or it is burned if agent submits the payment proof. * The problem lies in `rejectInvalidRedemption` function, which is called by the agent for a redemption request where the redeemer provided a invalid address, here the redemption request is deleted without burning the executor fee. ## Impact Details * Executor fee will be stuck in the contract, instead of just burning it by sending it to a dead address. ## References * This function lacks the executor fee burn mechanism: ## Proof of Concept ## Proof of Concept 1. Redeemer calls `redeem` to create a redeem request where he provides invalid underlying redeemer address and also provides executor fees. 2. Agent vault owner calls `rejectInvalidRedemption` with the proof of invalid address to delete the redemption request. 3. Redemption request will be deleted, but executor fee will remain in the contract. ```solidity // rejectInvalidRedemption function is missing this code:- Redemptions.payOrBurnExecutorFee(request); ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://reports.immunefi.com/flare-fassets-or-mainnet-audit-comp/46320-sc-low-executor-fee-will-be-stuck-in-the-contract-when-rejectinvalidredemption-is-called.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.