Closed sherlock-admin4 closed 2 months ago
This function is called by a trusted admin. Invalid, won't fix.
This is also more of a natspec issue: mintReferrerRevshareBps + collectionReferrerRevshareBps is correctly limited to MAX_BPS, which is what the comment should say.
xiaoming90
medium
MAX_ROYALTY_BPS not used
Summary
The entire amount (100%) of the protocol fee can be routed to the referrers, breaking an important protocol invariant that only a maximum of 95% of the protocol fee can be routed to the referrers. This leads to a loss of assets to the protocol as the protocol will end up receiving nothing.
Vulnerability Detail
Per the comment on Lines 295-296 below, the mint referrer revenue share (mintReferrerRevshareBps) plus the collection referrer revenue share (collectionReferrerRevshareBps) must not exceed MAX_ROYALTY_BPS (9500). However, in Line 308 below, it was found that the implementation does not adhere to this requirement: the sum of the mint referrer revenue share and the collection referrer revenue share is only bounded by MAX_BPS (10000) instead of MAX_ROYALTY_BPS (9500). As a result, the entire amount of the protocol fee can be routed to the referrers.
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/fees/FeeManager.sol#L295
Impact
The entire amount (100%) of the protocol fee can be routed to the referrers, breaking an important protocol invariant that only a maximum of 95% of the protocol fee can be routed to the referrers. This leads to a loss of assets to the protocol as the protocol will end up receiving nothing.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/fees/FeeManager.sol#L295
Tool used
Manual Review
Recommendation
Consider making the following changes:
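The reporter's suggested changes are not reproduced on this page. The following is a separately added illustration, not the reporter's text and not the project's FeeManager code: it places the check described in the report (sum bounded by MAX_BPS) beside the tightened form (sum bounded by MAX_ROYALTY_BPS) and shows, with an assumed fee-split routine, why the looser bound lets the protocol's share reach zero. The constant names and values come from the report; the contract name, the FeeConfig struct, the function names, the uint16 widths and the split arithmetic are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only. Not the project's FeeManager; everything except the
/// MAX_BPS / MAX_ROYALTY_BPS constants named in the report is assumed.
contract ReferrerShareExample {
    uint16 public constant MAX_BPS = 10_000;         // 100% in basis points
    uint16 public constant MAX_ROYALTY_BPS = 9_500;  // 95%, the intended cap

    error InvalidFeeConfig();

    struct FeeConfig {
        uint16 mintReferrerRevshareBps;
        uint16 collectionReferrerRevshareBps;
    }

    FeeConfig public config;

    /// Loose check, as described in the report: only the sum > MAX_BPS is rejected,
    /// so 5000 + 5000 = 10000 is accepted and the protocol keeps nothing.
    function setConfigLoose(uint16 mintBps, uint16 collectionBps) external {
        if (uint256(mintBps) + uint256(collectionBps) > MAX_BPS) revert InvalidFeeConfig();
        config = FeeConfig(mintBps, collectionBps);
    }

    /// Tightened check: the sum is bounded by MAX_ROYALTY_BPS, so at least 5% of the
    /// protocol fee always stays with the protocol. 4750 + 4750 passes; 5000 + 5000 reverts.
    function setConfigTight(uint16 mintBps, uint16 collectionBps) external {
        if (uint256(mintBps) + uint256(collectionBps) > MAX_ROYALTY_BPS) revert InvalidFeeConfig();
        config = FeeConfig(mintBps, collectionBps);
    }

    /// Assumed split routine: each referrer takes its share of the protocol fee and the
    /// remainder is what the protocol itself receives.
    function split(uint256 protocolFee)
        public
        view
        returns (uint256 toMintReferrer, uint256 toCollectionReferrer, uint256 toProtocol)
    {
        toMintReferrer = (protocolFee * config.mintReferrerRevshareBps) / MAX_BPS;
        toCollectionReferrer = (protocolFee * config.collectionReferrerRevshareBps) / MAX_BPS;
        toProtocol = protocolFee - toMintReferrer - toCollectionReferrer;
    }
}
```

Under the loose check, calling setConfigLoose(5000, 5000) and then split(1 ether) returns 0.5 ether to each referrer and 0 to the protocol, which is the loss the report describes. Under the tightened check the same configuration reverts with InvalidFeeConfig, while setConfigTight(4750, 4750) is accepted and split(1 ether) leaves 0.05 ether with the protocol. The sum is computed in uint256 before the comparison so the check cannot be bypassed by uint16 overflow of the intermediate value.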