No actual edition creation fee exists.

Summary

When creating a new edition, the payment made is designated as the publishing fee for the first tokenId, rather than the edition creation fee as initially perceived.

Vulnerability Detail

When someone wants to create a new edition, they call TitlesCore::createEdition.

    function createEdition(bytes calldata payload_, address referrer_)
        external
        payable
        returns (Edition edition)
    {
        EditionPayload memory payload = abi.decode(payload_.cdDecompress(), (EditionPayload));

        edition = Edition(editionImplementation.clone());

        // wake-disable-next-line reentrancy
        edition.initialize(
            feeManager, graph, payload.work.creator.target, address(this), payload.metadata
        );

        // wake-disable-next-line unchecked-return-value
87      _publish(edition, payload.work, referrer_);

        emit EditionCreated(
            address(edition),
            payload.work.creator.target,
            payload.work.maxSupply,
            payload.work.strategy,
            abi.encode(payload.metadata)
        );
    }

At L87 of TitlesCore::createEdition, it invokes _publish().

    function _publish(Edition edition_, WorkPayload memory work_, address referrer_)
        internal
        returns (uint256 tokenId)
    {
        // Publish the new Work in the Edition
        // wake-disable-next-line reentrancy
        tokenId = edition_.publish(
            work_.creator.target,
            work_.maxSupply,
            work_.opensAt,
            work_.closesAt,
            work_.attributions,
            work_.strategy,
            work_.metadata
        );

        // Collect the creation fee
        // wake-disable-next-line reentrancy
138     feeManager.collectCreationFee{value: msg.value}(edition_, tokenId, msg.sender);

        // Create the fee route for the new Work
        // wake-disable-next-line reentrancy
        Target memory feeReceiver = feeManager.createRoute(
            edition_, tokenId, _attributionTargets(work_.attributions), referrer_
        );

        // Set the royalty target for the new Work
        // wake-disable-next-line reentrancy
        edition_.setRoyaltyTarget(tokenId, feeReceiver.target);
    }

At L138 of TitlesCore::_publish, it calls feeManager::collectCreationFee.

    function collectCreationFee(IEdition edition_, uint256 tokenId_, address feePayer_)
        external
        payable
    {
170     Fee memory fee = getCreationFee();
        if (fee.amount == 0) return;

        _route(fee, Target({target: protocolFeeReceiver, chainId: block.chainid}), feePayer_);
        emit FeeCollected(address(edition_), tokenId_, ETH_ADDRESS, fee.amount, 0);
    }

At feeManager::collectCreationFee, the edition creator(feePayer_) is charged getCreationFee() as the creation fee.

    function getCreationFee() public view returns (Fee memory fee) {
        return Fee({asset: ETH_ADDRESS, amount: protocolCreationFee});
    }

However, feeManager::getCreationFee() is only 0.0001 ether(protocolCreationFee), which is designated for publishing the first tokenId, not for creating a new edition. Therefore, there is no additional fee for creating a new edition. Consequently, individuals seeking to publish their works are encouraged to create their own edition, as the publishing fee aligns with the edition creation fee, offering numerous privileges to the creator.