search

sherlock-audit / 2024-04-titles-judging

10 stars 7 forks source link

0rpse - Mint referrer gets collection referrer's share #286

Closed sherlock-admin3 closed 5 months ago

sherlock-admin3 commented 5 months ago

0rpse

medium

Mint referrer gets collection referrer's share

Summary

Due to a coding error mint referrer gets collection referrer's share.

Vulnerability Detail

In FeeManager.sol while splitting fees through _splitProtocolFee function, protocol fee should split between mint referrer, collection referrer and protocol accordingly. However after calculating how much each party will get, collection referrer's share is sent to mint referrer.

Impact

Collection referrer's share is sent to mint referrer.

Code Snippet

https://github.com/sherlock-audit/2024-04-titles/blob/d7f60952df22da00b772db5d3a8272a988546089/wallflower-contract-v2/src/fees/FeeManager.sol#L436-L440

Tool used

Manual Review

Recommendation

Set collection referrer as the right target of collection referrer shares.

        _route(
            Fee({asset: asset_, amount: collectionReferrerShare}),
-            Target({target: referrer_, chainId: block.chainid}),
+            Target({target: referrers[edition_], chainId: block.chainid}),
            payer_
        );

Duplicate of #267