Incorrect `_splitProtocolFee` logic leaves collection referrer with no collectionReferrerShare

Summary

Incorrect `_splitProtocolFee` logic sends `collectionReferrerShare` to the mint referrer instead of the collection referrer

Vulnerability Detail

In FeeManager.sol's _splitProtocolFee function the protocol routes fees to the referrer. However, if mint referrer and collection referrer are different users, the collection referrer loses their share of the fee.

function _splitProtocolFee(
        IEdition edition_,
        address asset_,
        uint256 amount_,
        address payer_,
        address referrer_
    ) internal returns (uint256 referrerShare) {
        uint256 mintReferrerShare = getMintReferrerShare(amount_, referrer_);
        uint256 collectionReferrerShare = getCollectionReferrerShare(amount_, referrers[edition_]);

        _route(
            Fee({asset: asset_, amount: mintReferrerShare}),
            Target({target: referrer_, chainId: block.chainid}),
            payer_
        );

        _route(
            Fee({asset: asset_, amount: collectionReferrerShare}),
+           Target({target: referrer_, chainId: block.chainid}),
            payer_
        );
    }

Impact

Collection referrer doesn't get the share of the fees they are owed.

Code Snippet

https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/fees/FeeManager.sol#L412-L441

Tool used

Manual Review

Recommendation

Change the collectionReferrerShare owner from referrer_ to referrers[edition_]

        _route(
            Fee({asset: asset_, amount: collectionReferrerShare}),
+           Target({target: referrers[edition_], chainId: block.chainid}),
            payer_
        );

Duplicate of #267

sherlock-audit / 2024-04-titles-judging

durov - Incorrect `_splitProtocolFee` logic leaves collection referrer with no collectionReferrerShare #183

Incorrect `_splitProtocolFee` logic leaves collection referrer with no collectionReferrerShare

Summary

Incorrect `_splitProtocolFee` logic sends `collectionReferrerShare` to the mint referrer instead of the collection referrer

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

sherlock-audit / 2024-04-titles-judging

durov - Incorrect `_splitProtocolFee` logic leaves collection referrer with no collectionReferrerShare #183

Incorrect _splitProtocolFee logic leaves collection referrer with no collectionReferrerShare

Summary

Incorrect _splitProtocolFee logic sends collectionReferrerShare to the mint referrer instead of the collection referrer

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Incorrect `_splitProtocolFee` logic leaves collection referrer with no collectionReferrerShare

Incorrect `_splitProtocolFee` logic sends `collectionReferrerShare` to the mint referrer instead of the collection referrer