Closed sherlock-admin3 closed 2 months ago
Will address
Escalate
Invalid in the current code version as Edition
will not hold any ETH. As presented in the code snippets, the total msg.value
eth is transferred from Edition
to FeeManager
during a mint:
This is also the case for Edition.mintWithComment()
and Edition.mintBatch()
.
Escalate
Invalid in the current code version as
Edition
will not hold any ETH. As presented in the code snippets, the totalmsg.value
eth is transferred fromEdition
toFeeManager
during a mint:This is also the case for
Edition.mintWithComment()
andEdition.mintBatch()
.
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
While I believe the escalating Watson is correct about Editions contract not holding ETH, the problem is that the attacker exploits the current call with excess ETH. When fee sent to the external party it can reenter using the excess ETH that initiated the mint. And yes, there is a possibility the users will send excess ETH, cause mint fee is subsequent to change. Hence, the report is not about draining Editions contract, but stealing fund from the user.
Planning to reject the escalation and leave the issue as it is.
@WangSecurity but the entire msg.value
is sent to the FeeManager
as @cducrest said, so excess ETH will never be in the Edition
contract. When the external party re-enters, the balance of the Edition
contract will be 0 ether
. Not sure how this can be deemed a High.... when the impact is not even possible.
Yes, you're both correct. I believe this is a valid issue cause the fees shouldn't be sent to FeeManager and remain in the Edition, but in the current implementation it's not working like that. Therefore, this bug is valid only if the bug with incorrect msg.value is sent to the FeeManager. Therefore, the future issue rule should be applied here, planning to accept the escalation and invalidate the report.
Agreed with @0xjuaan and @WangSecurity, this issue can be invalidated.
I think that this issue should be valid.
Every minting functions calls to _refundExcess
function. It means that the Edition.sol
is designed to refund all excess ethers to users. So, I think that this issue could not be seen as a result out of a fix to another issue, because refunding is intended in its design.
In the current implementation of the protocol, the _refundExcess
function will not be called due to a bug in #269, therefore, this issue will only arise when 269 is fixed. Hence, future issue rule should be applied.
Planning to accept the escalation and invalidate the issue.
Result: Invalid Has Duplicates
The protocol team fixed this issue in the following PRs/commits: https://github.com/titlesnyc/wallflower-contract-v2/pull/1
xiaoming90
high
Excess ETH of the victim can be stolen by malicious external parties due to re-entrancy attack
Summary
Excess ETH of the victim can be stolen by malicious external parties due to re-entrancy attack.
Vulnerability Detail
Per Line 241 below, it is expected that there will be excess ETH residing on the contract at the end of the transaction. The
_refundExcess
function is implemented with the intention of sweeping excess ETH back to the caller of themint
function at the end of the transaction.However, the problem is when someone (e.g., Bob) mints a new token for a given work, a number of parties can gain control of the transaction and re-enter the Edition contract. The
mint
function uses a number of functions that can pass execution control to external parties.The following is a list of external parties that could re-enter during the minting execution:
Fee recipients (e.g., Edition's creator and attribution, Collection and minting referrers) - At Line 236, when the FEE_MANAGER.collectMintFee is executed, native ETH is transferred to the fee recipients, who will gain control of the execution.
Token recipients - At Line 240 below, the
_issue
function will call theERC1155._mint
function internally. TheERC1155._mint
contains an ERC1155 hook (onERC1155Received
) that will pass the control to the token recipient, who will gain control of the execution.Once any of the above-mentioned parties gain control of the execution, they can re-enter the Edition contract and execute any of the mint functions (all mint functions will execute the _refundExcess function). This will result in the excess ETH residing on the contract being swept to the malicious party's address instead of Bob's address, effectively stealing Bob's assets.
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L228
Impact
Loss of assets, as shown in the above scenario. The victim's excess ETH can be stolen by malicious external parties.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L228
Tool used
Manual Review
Recommendation
Consider adding a re-entrancy guard to all minting functions to prevent the fee recipient from re-entering the Edition contract during issuing/minting.