A new work publisher might lose the left ETH since of no refund functionality, which will be locked in FeeManger.
Summary
A new work publisher might lose unexpected ETH because there is not refunding for left ETHs.
Vulnerability Detail
The work publisher calls TitlesCore.sol::publish() which in turn calls _publish() -> feeManager.collectCreationFee().
This function will collect protocolCreationFee which is defined in FeeMananger. The fee can be changed by owner's calling of setter function (setProtocolFees()).
If the fee has been changed(decreased) by owner while publish transaction is pending, the left funds are remained in FeeManager contract and locked
Recommend to refund the left balance functionality in FeeManage::collectCreationFee() (FeeManager -> TitlesCore), and TitlesCore::publish() (TtilesCore -> msg.sender).
AgileJune
medium
A new work publisher might lose the left ETH since of no refund functionality, which will be locked in FeeManger.
Summary
A new work publisher might lose unexpected ETH because there is not refunding for left ETHs.
Vulnerability Detail
The work publisher calls
TitlesCore.sol::publish()which in turn calls_publish() -> feeManager.collectCreationFee(). This function will collect protocolCreationFee which is defined in FeeMananger. The fee can be changed by owner's calling of setter function (setProtocolFees()). If the fee has been changed(decreased) by owner while publish transaction is pending, the left funds are remained in FeeManager contract and lockedImpact
The work publisher's funds are locked in contract
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/TitlesCore.sol#L120-L149 https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/fees/FeeManager.sol#L166-L175
Tool used
Manual Review
Recommendation
Recommend to refund the left balance functionality in
FeeManage::collectCreationFee()(FeeManager -> TitlesCore), andTitlesCore::publish()(TtilesCore -> msg.sender).