sherlock-audit / 2024-04-titles-judging


AgileJune - The user using Edition.sol::mintBatch (one token to multiple receivers) will avoid paying the expected mint fee. #244

Closed sherlock-admin3 closed 4 months ago

sherlock-admin3 commented 4 months ago

AgileJune

high

The user using Edition.sol::mintBatch (one token to multiple receivers) will avoid paying the expected mint fee.

Summary

Edition.sol::mintBatch (one token to multiple receivers) pays the fee only for the parameter amount_, but the total minted amount is receivers_.length * amount_.

Vulnerability Detail

If a user mints the same amount of tokens with the mint() function, the collected fee would be receivers_.length * amount_ * (strategy_.mintFee + protocolFlatFee), but with the mintBatch function the collected fee is only amount_ * (strategy_.mintFee + protocolFlatFee).

Impact

As a result, the protocol will receive and distribute less than the expected fee amounts.

Code Snippet

https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L311-L312

Tool used

Manual Review

Recommendation

The function needs to pass receivers_.length * amount_ to FEEMANAGER.collectMintFee() instead of `amount`.

Duplicate of #264
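As an added illustration (not the project's code and not the reporter's), the following Python model reproduces the two fee paths described in the report: a loop of single mint() calls versus one mintBatch() call. The fee formula amount * (mintFee + protocolFlatFee) is taken from the report; the fee values, names and the `fee_shortfall` parity check are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Callable, List


@dataclass(frozen=True)
class Strategy:
    # Per-token fee components, named after strategy_.mintFee and protocolFlatFee in the report
    mint_fee: int           # creator mint fee per token (wei, constructed value)
    protocol_flat_fee: int  # protocol flat fee per token (wei, constructed value)


class FeeManager:
    """Stand-in for FEEMANAGER.collectMintFee(): records the fee owed for `amount` tokens."""

    def __init__(self, strategy: Strategy) -> None:
        self.strategy = strategy
        self.collected = 0

    def collect_mint_fee(self, amount: int) -> int:
        fee = amount * (self.strategy.mint_fee + self.strategy.protocol_flat_fee)
        self.collected += fee
        return fee


def mint(fm: FeeManager, amount: int) -> int:
    """Single-receiver mint: the fee is charged on the full minted amount."""
    fm.collect_mint_fee(amount)
    return amount


def mint_batch_buggy(fm: FeeManager, receivers: List[str], amount: int) -> int:
    """Models the reported defect: fee charged for `amount` only, while
    len(receivers) * amount tokens are actually minted."""
    fm.collect_mint_fee(amount)
    return len(receivers) * amount


def mint_batch_fixed(fm: FeeManager, receivers: List[str], amount: int) -> int:
    """The recommended fix: charge the fee on the total minted amount."""
    fm.collect_mint_fee(len(receivers) * amount)
    return len(receivers) * amount


def fee_shortfall(strategy: Strategy, receivers: List[str], amount: int,
                  batch_fn: Callable[[FeeManager, List[str], int], int]) -> int:
    """Fee that one mint() per receiver would collect, minus what batch_fn collects.
    Both paths must mint the same number of tokens; a positive result is under-collection."""
    reference = FeeManager(strategy)
    minted_by_loop = sum(mint(reference, amount) for _ in receivers)
    batch = FeeManager(strategy)
    minted_by_batch = batch_fn(batch, receivers, amount)
    assert minted_by_loop == minted_by_batch, "paths mint different token counts"
    return reference.collected - batch.collected
```

A test of this kind (equal token counts must imply equal fees) is the check that would have flagged the batch path before release.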

bG9zZXIvZmFpbHVyZQ commented 3 months ago

Escalate

Duplicate of #264

sherlock-admin3 commented 3 months ago

Escalate

Duplicate of #264

You've created a valid escalation!

To remove the escalation from consideration: Delete your comment.

You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.

WangSecurity commented 3 months ago

Agree with the escalation, planning to accept and duplicate with #264

Evert0x commented 3 months ago

Result: High Duplicate of #264

sherlock-admin4 commented 3 months ago

Escalations have been resolved successfully!

Escalation status: