F-2026-0017·uncollected-fee

_handleMint fee is computed but never collected

Fixedbridgecross-chainkey-registrygithub.com/pdxwebdev/yadakeyeventwallet
TL;DR

_handleMint subtracts tokenFee from the minted amount but never transfers the fee to feeCollector, so the fee is silently discarded on every mint operation.

Severity
LOW
Impact
LOW
Likelihood
HIGH
Method
MManual review
CAT.
Complexity
LOW
Exploitability
LOW
02Section · Description

Description

_handleMint calculates a tokenFee and subtracts it from the minted amount, but never transfers the fee to feeCollector or anyone else.

03Section · Recommendation

Recommendation

Mint the fee to feeCollector:

solidity
function _handleMint(...) internal {
    ...
    uint256 tokenFee =
        (recipient.amount * mctx.feeInfo.fee) / maxFeeRate;
    uint256 netAmount = recipient.amount - tokenFee;


    IMockERC20(permit.token).mint(recipient.recipientAddress, netAmount);
    if (tokenFee > 0)
        IMockERC20(permit.token).mint(feeCollector, tokenFee);
}
04Section · Resolution

Resolution

YadaCoin, Confirmed.

Zealynx, Fixed.

Status
Fixed
ZEALYNX SECURITY · published 2026-03-05
F-2026-0017

oog
zealynx

Smart Contract Security Digest

Monthly exploit breakdowns, audit checklists, and DeFi security research — straight to your inbox

REQUEST AN AUDIT

Quick Links

Services

Company

Resources

© 2026 Zealynx