#46320 [SC-Low] Executor fee will be stuck in the contract when rejectInvalidRedemption is called
Submitted on May 28th 2025 at 11:26:56 UTC by @Oxgritty for Audit Comp | Flare | FAssets
Report ID: #46320
Report Type: Smart Contract
Report severity: Low
Target: https://github.com/flare-foundation/fassets/blob/main/contracts/assetManager/library/RedemptionRequests.sol
Impacts:
Contract fails to deliver promised returns, but doesn't lose value
Description
Brief/Intro
When the agent vault owner calls rejectInvalidRedemption to reject a redemption request, the request is deleted without burning the executor fee.
Vulnerability Details
When a redeemer creates a redemption request, he has the option to pay an executor fee with it. This fee is either paid to the executor, if he calls confirmRedemptionPayment with the payment proof, or burned, if the agent submits the payment proof. The problem lies in the rejectInvalidRedemption function, which the agent calls for a redemption request where the redeemer provided an invalid address. Here the redemption request is deleted without burning the executor fee.
Impact Details
Executor fee will be stuck in the contract, instead of just burning it by sending it to a dead address.
References
This function lacks the executor fee burn mechanism: https://github.com/flare-foundation/fassets/blob/fc727ee70a6d36a3d8dec81892d76d01bb22e7f1/contracts/assetManager/library/RedemptionRequests.sol#L231-#L261
Proof of Concept
1. The redeemer calls redeem to create a redemption request, providing an invalid underlying redeemer address and an executor fee.
2. The agent vault owner calls rejectInvalidRedemption with the proof of the invalid address to delete the redemption request.
3. The redemption request is deleted, but the executor fee remains in the contract.
// rejectInvalidRedemption function is missing this code:-
Redemptions.payOrBurnExecutorFee(request);
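The fee flow described above, as an added example that is not the FAssets code: a simplified model in which the contract name, storage layout, the feesOwed counter and the AsReported/Fixed function suffixes are assumptions, and access control and proof checks are omitted. It puts the rejection path from the report next to one that settles the fee, with an invariant a test can assert on.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model, NOT the FAssets contracts: names and storage layout are
// assumptions, and access control and proof verification are left out.
contract RedemptionFeeModel {
    struct Request { address executor; uint256 executorFee; bool open; }

    address payable constant BURN = payable(0x000000000000000000000000000000000000dEaD);
    mapping(uint256 => Request) public requests;
    uint256 public nextId;
    uint256 public feesOwed; // executor fees belonging to still-open requests

    function redeem(address executor) external payable returns (uint256 id) {
        id = nextId++;
        requests[id] = Request(executor, msg.value, true);
        feesOwed += msg.value;
    }

    // Closes a request; the fee goes to the executor if the executor is the
    // caller and to the burn address otherwise.
    function _closeAndSettleFee(uint256 id) internal {
        Request memory r = requests[id];
        require(r.open, "not open");
        delete requests[id];
        feesOwed -= r.executorFee;
        address payable to = msg.sender == r.executor ? payable(r.executor) : BURN;
        (bool ok, ) = to.call{value: r.executorFee}("");
        require(ok, "fee transfer failed");
    }

    function confirmRedemptionPayment(uint256 id) external { _closeAndSettleFee(id); }

    // Behaviour described in the report: request deleted, fee never moved.
    function rejectInvalidRedemptionAsReported(uint256 id) external {
        require(requests[id].open, "not open");
        feesOwed -= requests[id].executorFee;
        delete requests[id];
    }

    // Rejection that settles the fee before the request disappears.
    function rejectInvalidRedemptionFixed(uint256 id) external { _closeAndSettleFee(id); }

    // Test invariant: non-zero once a fee has been stranded in the contract.
    function strandedFees() external view returns (uint256) {
        return address(this).balance - feesOwed;
    }
}
```

In a test, strandedFees() stays at 0 after confirmRedemptionPayment or rejectInvalidRedemptionFixed and equals the executor fee after rejectInvalidRedemptionAsReported.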