Closed sherlock-admin4 closed 2 months ago
Later in this same _buildSharesAndTargets function you've referenced, an implicit bound of 255 is enforced by using a uint8 in the iterator:
If the user provided >255 attributions, the entire creation flow would revert. This is expected.
xiaoming90
medium
Number of attributions is not restricted
Summary
The number of attributions is not restricted, leading to the following issues:
Vulnerability Detail
It was observed that the number of attributions that can be configured when publishing/creating a new work/collection is not restricted. As a result, it will lead to the following issues:
Issue 1
Assume that revshareBps (royalty revenue share) is set to 50 (0.5%). If the number of attributionShares is 5001 or more, the amount of revenue share received by each attribution (attributionRevShare) will round down to zero, and none of the attributions will receive any royalty revshare allocated to them.
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/fees/FeeManager.sol#L476
Issue 2
If the number of attributions is too large when the mint fee is collected from the users, and the fee is routed to a large number of attributions, an out-of-gas (OOG) error will occur. As a result, the entire minting process will revert, and the minting of the Token ID cannot proceed further.
If the number of attributions is large, the number of recipients of the newly deployed 0xSplit wallet will also be large, per Line 146 below. The fact that a large number of recipients can lead to a revert in the 0xSplit wallet or to locked funds is a known issue that has been flagged in the 0xSplit audit report.
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/fees/FeeManager.sol#L146
Impact
Issue 1 - None of the attributions will receive their share of the fee due to rounding down to zero.
Issue 2 - Minting of tokens will be broken, as an out-of-gas revert will occur when the code attempts to route the minting fee to the fee recipients.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/fees/FeeManager.sol#L476
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/fees/FeeManager.sol#L146
Tool used
Manual Review
Recommendation
Consider restricting the number of attributions to a reasonable value, such as ~250 recipients/attributions.
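The following Python block is an added illustration of the rounding behaviour in Issue 1 and of the recommended cap; it is not code from the report or from the Titles (wallflower-contract-v2) repository. It assumes the per-attribution share is computed as revshareBps scaled by 100 (to a 1e6 percentage scale, the scale 0xSplits uses) and floor-divided by the attribution count; that assumed formula reproduces the "5001 or more" threshold quoted for revshareBps = 50, but the contract's actual expression is not shown on this page. The hardened precondition at the end is likewise a constructed check, not the project's own: it shows that a count cap alone does not rule out a zero share (revshareBps = 1 already floors to zero at 101 attributions), so a zero-share check is needed alongside the cap.

```python
"""Integer-arithmetic model of routing a fee to N attributions.

Constructed example; not code from the report or from the Titles repository.
Assumption: the per-attribution share is
    attributionRevShare = revshareBps * 100 // attributionShares
i.e. basis points scaled to a 1e6 percentage scale and floor-divided across
the attributions. This reproduces the report's threshold of 5001 for
revshareBps = 50; the contract's real expression is not shown on the page.
"""

BPS_DENOMINATOR = 10_000            # 100% expressed in basis points
PERCENTAGE_SCALE = 1_000_000        # 1e6 scale used for split percentages
BPS_TO_SCALE = PERCENTAGE_SCALE // BPS_DENOMINATOR  # 100
MAX_ATTRIBUTIONS = 250              # cap taken from the report's recommendation


def attribution_rev_share(revshare_bps: int, attribution_shares: int) -> int:
    """Per-attribution share on the 1e6 scale, using EVM-style floor division."""
    if attribution_shares <= 0:
        raise ValueError("attribution_shares must be positive")
    return (revshare_bps * BPS_TO_SCALE) // attribution_shares


def min_shares_rounding_to_zero(revshare_bps: int) -> int:
    """Smallest attribution count at which every attribution's share floors to 0."""
    # floor(x / n) == 0 exactly when n > x, so the first such n is x + 1.
    return revshare_bps * BPS_TO_SCALE + 1


def route_fee(fee_wei: int, revshare_bps: int, attribution_shares: int) -> dict:
    """Amount each attribution receives, and how much of the intended
    revshare is never paid to any attribution because of floor rounding."""
    share = attribution_rev_share(revshare_bps, attribution_shares)
    per_attribution = fee_wei * share // PERCENTAGE_SCALE
    intended_total = fee_wei * revshare_bps // BPS_DENOMINATOR
    paid_total = per_attribution * attribution_shares
    return {
        "share_scaled": share,
        "per_attribution_wei": per_attribution,
        "paid_total_wei": paid_total,
        "lost_to_rounding_wei": intended_total - paid_total,
    }


def validate_attributions(revshare_bps: int, attribution_shares: int,
                          cap: int = MAX_ATTRIBUTIONS) -> int:
    """Hardened precondition for the publish/create flow (constructed, not the
    project's check): bound the recipient count so fee routing cannot run out
    of gas, and refuse configurations whose per-attribution share floors to 0.
    Returns the per-attribution share on success."""
    if attribution_shares > cap:
        raise ValueError(f"too many attributions: {attribution_shares} > {cap}")
    share = attribution_rev_share(revshare_bps, attribution_shares)
    if share == 0:
        raise ValueError(
            f"revshare of {revshare_bps} bps rounds to zero across "
            f"{attribution_shares} attributions")
    return share


if __name__ == "__main__":
    print(route_fee(10**18, 50, 5))         # each of 5 attributions gets 1e15 wei
    print(route_fee(10**18, 50, 5001))      # every attribution gets 0
    print(min_shares_rounding_to_zero(50))  # 5001
```

Run stand-alone, the script shows 5 attributions each receiving 1e15 wei of a 1 ether fee at 50 bps, the same configuration paying nothing to anyone at 5001 attributions, and the threshold itself. validate_attributions accepts 250 attributions at 50 bps but rejects 101 attributions at 1 bps, which is why the zero-share check belongs next to the cap.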