Closed sherlock-admin3 closed 4 months ago
Escalate
Dup of #267
Escalate
Dup of #267
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Agree with the escalation, planning to accept and duplicate with #267
Result: High Duplicate of #267
popeye
high
Incorrect Fee Distribution in FeeManager.sol Contract Affects Referrer Rewards
Summary
The _splitProtocolFee function in the FeeManager.sol contract incorrectly distributes the collection referrer's share of the protocol fee to the mint referrer instead of the actual collection referrer. This bug affects the fair distribution of referrer shares and can lead to incorrect accounting and lack of incentive for collection referrers.
Vulnerability Detail
The _splitProtocolFee function is responsible for splitting the protocol fee among the protocol fee receiver, mint referrer, and collection referrer. However, there is an issue in the way the collection referrer's share is being distributed.
In the current implementation, the collection referrer's share (collectionReferrerShare) is being sent to the referrer_ address, which represents the mint referrer. This means that the mint referrer is receiving both their own share (mintReferrerShare) and the collection referrer's share, effectively doubling their intended share. Meanwhile, the actual collection referrer, whose address should be referrers[edition_], is not receiving any share at all.
Here's the affected code snippet:
As shown above, both the mintReferrerShare and collectionReferrerShare are being sent to the referrer_ address, which is incorrect for the collection referrer's share. This bug leads to an unfair distribution of rewards, as the mint referrer receives more than their fair share, while the collection referrer receives nothing. It can also result in incorrect accounting and reporting of referrer shares, causing discrepancies in financial records.
Impact
The incorrect distribution of the collection referrer's share has several impacts:
Code Snippet
Tool used
Manual Review
Recommendation
To mitigate this vulnerability, the code in the _splitProtocolFee function should be updated to correctly send the collection referrer's share to their address instead of the mint referrer. Here's the recommended code change:
Duplicate of #267
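An added regression check for the routing bug this report describes, written as a Python model rather than Solidity; it is not code from the report or from the project. The basis-point split, the sample addresses and the helper names are assumptions; only referrer_, mintReferrerShare and collectionReferrerShare are names taken from the report.

```python
from collections import defaultdict

# Assumed split, in basis points of the protocol fee (the report gives no figures).
MINT_REFERRER_BPS = 2_000
COLLECTION_REFERRER_BPS = 2_000
BPS = 10_000


def shares(fee):
    """Return (protocol, mintReferrerShare, collectionReferrerShare) for a fee."""
    mint = fee * MINT_REFERRER_BPS // BPS
    collection = fee * COLLECTION_REFERRER_BPS // BPS
    return fee - mint - collection, mint, collection


def split_protocol_fee(fee, fee_receiver, referrer_, collection_referrer, buggy):
    """Model of the payout routing; returns {address: amount paid}.

    buggy=True pays the collection referrer's share to referrer_ (the mint
    referrer), which is the behaviour the report describes.
    """
    protocol, mint, collection = shares(fee)
    paid = defaultdict(int)
    paid[fee_receiver] += protocol
    paid[referrer_] += mint
    paid[referrer_ if buggy else collection_referrer] += collection
    return dict(paid)


def routing_errors(fee, fee_receiver, referrer_, collection_referrer, buggy):
    """Return {address: (paid, expected)} for every recipient paid the wrong amount."""
    protocol, mint, collection = shares(fee)
    expected = defaultdict(int)
    expected[fee_receiver] += protocol
    expected[referrer_] += mint
    expected[collection_referrer] += collection
    paid = split_protocol_fee(fee, fee_receiver, referrer_, collection_referrer, buggy)
    return {a: (paid.get(a, 0), expected.get(a, 0))
            for a in set(paid) | set(expected)
            if paid.get(a, 0) != expected.get(a, 0)}


if __name__ == "__main__":
    # Constructed addresses. Distinct referrers expose the misrouting.
    print(routing_errors(1000, "treasury", "mintRef", "collRef", buggy=True))
    # Same address in both referrer roles hides it: nothing is reported.
    print(routing_errors(1000, "treasury", "sameRef", "sameRef", buggy=True))
```

The total paid out equals the fee in both variants, so a sum-only invariant passes on the buggy routing; the test fixture needs distinct mint and collection referrer addresses and per-recipient assertions.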