Closed sherlock-admin3 closed 4 months ago
Escalate
Dup of #264
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Agree with the escalation, planning to accept and duplicate with #264
Result: High Duplicate of #264
durov
medium
Incorrect mintBatch() logic lets users bypass paying most of the fees
Summary
Incorrect mintBatch() logic lets users pay way less fees than they are supposed to.
Vulnerability Detail
Edition.sol's mintBatch() function issues amount_ of tokens to every address specified in address[] receivers_, but calls FeeManager to collect the fees needed to mint amount_ of tokens for only one address. This leads to users being able to mint for multiple addresses while paying for just one.
Impact
Protocol and creators won't get most of the fees because any user can mint to multiple addresses they own while paying much smaller amounts than they should.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L304-L320
Tool used
Manual Review
Recommendation
Take fees for every address provided.
Duplicate of #264
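The fee mismatch described in this report can be expressed as an accounting invariant: fees collected must equal tokens minted times the per-token fee. The following is an added example, not part of the original report and not the TITLES contract code; the class and method names are hypothetical, and a flat per-token fee is an assumption made for the model.

```python
"""Constructed model of the reported fee mismatch (not the project's code)."""
from dataclasses import dataclass, field

FEE_PER_TOKEN = 5  # assumed flat per-token mint fee, arbitrary units


@dataclass
class FeeManager:  # hypothetical stand-in for the protocol's fee collector
    collected: int = 0

    def collect_mint_fee(self, amount: int, paid: int) -> None:
        due = amount * FEE_PER_TOKEN
        if paid < due:
            raise ValueError(f"underpaid: {paid} < {due}")
        self.collected += due


@dataclass
class Edition:  # hypothetical, simplified edition with per-address balances
    fees: FeeManager = field(default_factory=FeeManager)
    balances: dict = field(default_factory=dict)

    def _issue(self, receivers, amount):
        for r in receivers:
            self.balances[r] = self.balances.get(r, 0) + amount

    def mint_batch_as_reported(self, receivers, amount, paid):
        # Behaviour described in the report: fee charged for `amount` once,
        # while `amount` tokens go to every receiver.
        self.fees.collect_mint_fee(amount, paid)
        self._issue(receivers, amount)

    def mint_batch_per_receiver(self, receivers, amount, paid):
        # Report's recommendation: take fees for every address provided.
        self.fees.collect_mint_fee(amount * len(receivers), paid)
        self._issue(receivers, amount)

    def fee_shortfall(self) -> int:
        """Tokens minted * per-token fee minus fees collected; 0 when the invariant holds."""
        return sum(self.balances.values()) * FEE_PER_TOKEN - self.fees.collected


def shortfall_after(method_name, receivers, amount, paid):
    """Run one batch mint on a fresh Edition and return the invariant gap."""
    edition = Edition()
    getattr(edition, method_name)(receivers, amount, paid)
    return edition.fee_shortfall()
```

An invariant of this shape, checked after every mint path in a fuzz or unit test suite, flags the batch path as soon as the receiver count exceeds one.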