Due to 0xSplits not supporting DegenNetwork, Titles will not be able operate on Degen Network.
Vulnerability Detail
As per the docs, the Sponsor is planning to deploy on the following chains:
//On what chains are the smart contracts going to be deployed?
//Ethereum, Base, OP, Zora, Blast, Arbitrum, zkSync, Degen
The problem is that one of the external protocols that is used by the Sponsor, 0xSplits, does not have their contracts deployed on Degen Network:
deployed contracts
//Splits is a 3rd party, their contracts are already audited and deployed and are out of scope.
The deployed contracts of 0xSplits will be used. For example, createSplit() is called on one of the deployed contracts of 0xSplits during the createRoute()function, which is critical to the working of this project:
/// @notice Creates a new fee route for the given {Edition} and attributions.
/// @param edition_ The {Edition} for which to create the route.
/// @param tokenId_ The token ID associated with the route.
/// @param attributions_ The attributions to be associated with the route.
/// @param referrer_ The address of the referrer to receive a share of the fee.
function createRoute(
IEdition edition_,
uint256 tokenId_,
Target[] calldata attributions_,
address referrer_
) external onlyOwnerOrRoles(ADMIN_ROLE) returns (Target memory receiver) {
Target memory creator = edition_.node(tokenId_).creator;
if (attributions_.length == 0) {
// No attributions, pay the creator directly
receiver = creator;
} else {
// Distribute the fee among the creator and attributions
(address[] memory targets, uint256[] memory revshares) = _buildSharesAndTargets(
creator, attributions_, edition_.feeStrategy(tokenId_).revshareBps
);
// Create the split. The protocol retains "ownership" to enable future use cases.
// @audit this process seems odd
receiver = Target({
-> target: splitFactory.createSplit(
SplitV2Lib.Split({
recipients: targets,
allocations: revshares,
totalAllocation: 1e6,
distributionIncentive: 0
}),
address(this),
creator.target
),
chainId: creator.chainId
});
}
_feeReceivers[getRouteId(edition_, tokenId_)] = receiver;
referrers[edition_] = referrer_;
}
Given that the required contracts are not deployed on Degen Network, these function calls will not work.
Impact
Titles will not be able to function on Degen Network.
We can either request the team deploy to Degen Network or deploy ourselves, and in any case this is a third-party dependency and out-of-scope. Won't fix.
zoyi
medium
Contract will not work on Degen Network
Summary
Due to
0xSplits
not supportingDegen
Network, Titles will not be able operate onDegen
Network.Vulnerability Detail
As per the docs, the Sponsor is planning to deploy on the following chains:
The problem is that one of the external protocols that is used by the Sponsor, 0xSplits, does not have their contracts deployed on Degen Network: deployed contracts
As per the public message of the Sponsor:
The deployed contracts of
0xSplits
will be used. For example,createSplit()
is called on one of the deployed contracts of0xSplits
during thecreateRoute()
function, which is critical to the working of this project:Given that the required contracts are not deployed on Degen Network, these function calls will not work.
Impact
Titles will not be able to function on Degen Network.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/c9d16782a7d3c15c7a759f22c9e0552d5e777ed7/wallflower-contract-v2/src/fees/FeeManager.sol#L125-L160
Tool used
Manual Review
Recommendation
Do not launch on Degen Network