ccashwell
commented
4 months ago This is expected, the EDITION_MANAGER_ROLE holder (TitlesCore) will be upgraded at a later point to leverage this functionality for a planned feature. In any case, it's not a vulnerability.
1337
medium
The EDITION_MINTER_ROLE can never be granted, making the promoMint function only callable by the owner or the EDITION_MANAGER_ROLE.
Summary
The EDITION_MINTER_ROLE can never be granted, making the promoMint function only callable by the owner or the EDITION_MANAGER_ROLE.
Vulnerability Detail
In the initialize function of the Edition contract, the EDITION_MANAGERROLE is granted to the controller address, which is set to the address of the TitlesCore contract. However, the EDITION_MINTER_ROLE is not granted to any address.
The grantRoles function in the Edition contract, which is used to grant roles to users, can only be called by an address with the EDITION_MANAGER_ROLE. Since the TitlesCore contract does not call the grantRoles function to grant the EDITION_MINTER_ROLE to any address, this role remains unused.
As a result, the promoMint function can only be called by the owner or an address with the EDITION_MANAGER_ROLE. This limitation prevents other addresses from being granted the EDITION_MINTER_ROLE and accessing the promoMint function.
Impact
The impact of this vulnerability is that the functionality of the promoMint function is restricted to only the owner and the EDITION_MANAGER_ROLE. This limits the flexibility and usability of the Edition contract, as other addresses cannot be granted the EDITION_MINTER_ROLE to perform promotional minting.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L329
Tool used
Manual Review
Recommendation
To address this vulnerability, consider the following recommendations:
In the initialize function, grant the EDITION_MINTER_ROLE to the appropriate address(es) that should have the ability to perform promotional minting. This can be done by calling the _grantRoles function with the desired address(es) and the EDITION_MINTER_ROLE.
If the EDITION_MINTER_ROLE should be grantable by the EDITION_MANAGER_ROLE, update the access control of the grantRoles function to allow the EDITION_MANAGER_ROLE to grant the EDITION_MINTER_ROLE to other addresses.
Ensure that the grantRoles function is called appropriately to grant the EDITION_MINTER_ROLE to the intended addresses, either during initialization or through a separate function call.