Open sherlock-admin4 opened 3 months ago
Valid, will fix
Escalate
#72, #131, #153, #158, #176, #183, and #193 are valid excluded dupes of this issue
There are also a number of other separately escalated issues (including another esc on this issue itself) that I agree are valid dupes of this. Though I can only try so hard at mentioning them :)
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Escalate
#393 is a valid excluded dup of this issue.
You've deleted an escalation for this issue.
Escalate
https://github.com/sherlock-audit/2024-04-titles-judging/issues/210 should be dup
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
For issues to become duplicates, they have to be escalated, not the main report (i.e. for #210 to become a dup, you should escalate it and not the main report). Hence, planning to reject this escalation
What should I do? Escalation is over.
@WangSecurity quoting escalation rule 2
https://docs.sherlock.xyz/audits/judging/escalation-period#rules-for-escalation
You can combine multiple arguments related to the same issue into one escalation. This prevents getting a double penalty when the escalation is rejected. For example, you might argue that the issue is valid and should be duplicated with #4. Also, you can mention multiple issues in the same escalation if they need to be duplicated together or separated from the context of the issue you are escalating. For example: 'The issues #12, #145 and #5 are all duplicates of the above issue'
My escalation is then valid and should be considered
Sorry for the confusion I caused above, I saw the message that the escalation was deleted and mistakenly thought it's about @midori-fuse escalation and then there was a new escalation, which I thought was the only one and asked for a single issue to be a duplicate. Excuse me for the confusion, hope for your understanding. Planning to accept both escalations.
Result: High Has Duplicates
Escalations have been resolved successfully!
Escalation status:
The protocol team fixed this issue in the following PRs/commits: https://github.com/titlesnyc/wallflower-contract-v2/pull/1
The Lead Senior Watson signed off on the fix.
xiaoming90
high
Collection referrers will not receive their share of the minting fee
Summary
Collection referrers will not receive their share of the minting fee, leading to a loss of assets for the collection referrers.
Vulnerability Detail
Assume that Alice creates a referral link to create a collection. Bob uses that link to publish a collection called $Collection_1$. In this case, the collection referrer of $Collection_1$ will be set to Alice.
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/TitlesCore.sol#L103
When the TitlesCore.publish is executed to create a new collection, the feeManager.createRoute function will be executed internally. The feeManager.createRoute function will store Alice's wallet address within the referrers[edition_] mapping. Thus, the state of the referrers mapping will be as follows:
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/fees/FeeManager.sol#L125
When someone mints a new token for $Collection_A$, Alice, who is the collection referral, should get a share of the minting fee. However, based on the current implementation of the FeeManager._splitProtocolFee function below, Alice will not receive her collection referral fee. Instead, the collection referral fee is routed to the mint referrer.
Line 438 below shows that the collection referral fee is routed to the mint referrer (referrer_) instead of the collection referrer (referrers[edition_]).
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/fees/FeeManager.sol#L412
Impact
Following are some of the negative impacts that could lead to a loss of assets:
referrer_ parameter to their own wallet address when executing the Edition.mint function, so that the collection referral fee can be routed to their own wallet, effectively avoiding paying the collection referral fee to someone else.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/TitlesCore.sol#L103
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/fees/FeeManager.sol#L125
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/fees/FeeManager.sol#L412
Tool used
Manual Review
Recommendation
Consider the following change to ensure that the collection referral fee is routed to the collection referrer instead of the mint referrer.
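The routing defect this report describes, as an added example that is neither the project's FeeManager code nor the report's recommended diff: a simplified Solidity model with a regression check that a caller-supplied referrer_ cannot displace the stored collection referrer. Only referrers, edition_ and referrer_ come from the report; the share sizes, the credited ledger, the addresses and the contract and function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model for illustration; NOT the FeeManager source.
// Only referrers, edition_ and referrer_ come from the report; the share
// sizes, the credited ledger and the function names are assumptions.
contract FeeSplitModel {
    uint256 internal constant BPS = 10_000;
    uint256 internal constant MINT_REFERRER_BPS = 5_000;       // assumed share
    uint256 internal constant COLLECTION_REFERRER_BPS = 2_500; // assumed share

    mapping(address => address) public referrers; // edition => collection referrer
    mapping(address => uint256) public credited;  // recipient => amount owed

    // Called at publish time: records who referred the collection.
    function createRoute(address edition_, address collectionReferrer_) external {
        referrers[edition_] = collectionReferrer_;
    }

    // Behaviour the report describes: the collection share follows the
    // caller-supplied referrer_, so referrers[edition_] is never read.
    function splitVulnerable(address edition_, uint256 fee_, address referrer_) external {
        edition_; // unused, which is the defect
        credited[referrer_] += (fee_ * MINT_REFERRER_BPS) / BPS;
        credited[referrer_] += (fee_ * COLLECTION_REFERRER_BPS) / BPS;
    }

    // Corrected routing: the collection share goes to the stored referrer.
    function splitFixed(address edition_, uint256 fee_, address referrer_) external {
        credited[referrer_] += (fee_ * MINT_REFERRER_BPS) / BPS;
        credited[referrers[edition_]] += (fee_ * COLLECTION_REFERRER_BPS) / BPS;
    }
}

// Regression check: whatever referrer_ the minter passes, the collection
// referrer must be credited her share of the fee.
contract FeeSplitCheck {
    function collectionReferrerPaid(bool useFixed) external returns (bool) {
        FeeSplitModel m = new FeeSplitModel();
        address alice = address(0xA11CE); // collection referrer (constructed)
        address minter = address(0xB0B);  // passes itself as referrer_
        address edition = address(0xED17);
        m.createRoute(edition, alice);
        if (useFixed) m.splitFixed(edition, 1 ether, minter);
        else m.splitVulnerable(edition, 1 ether, minter);
        return m.credited(alice) == (1 ether * 2_500) / 10_000;
    }
}
```

In this model collectionReferrerPaid returns false for the vulnerable split and true for the fixed one; the same assertion, written against the real contracts, is the regression test to keep alongside the fix.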