Closed sherlock-admin4 closed 5 months ago
Escalate
Dupe of https://github.com/sherlock-audit/2024-04-titles-judging/issues/264, not https://github.com/sherlock-audit/2024-04-titles-judging/issues/280
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Agree with the escalation, planning to accept and duplicate with #264
Result: High Duplicate of #264
valentin2304
high
mintBatch function in Edition is vulnerable to sybil attack
High
Summary
The mintBatch function in Edition is responsible for minting a token of work to a set of receivers, but doesn't calculate the mintFee correctly, leaving the protocol vulnerable to an attack where a malicious user puts his address multiple times in receivers_ and ends up paying the mint fee for only one mint.
Vulnerability Detail
If a malicious user calls mintBatch with receivers_ = [address(user), address(user), address(user)] and amount_ = 1, the user will pay a fee for one mint, but will receive 3 works.
Impact
Loss of funds for the protocol
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L304-#L320
Tool used
Manual Review
Recommendation
In the mintBatch function, change the call to the fee manager to:
FEE_MANAGER.collectMintFee{value: msg.value}( this, tokenId_, amount_ * receivers_.length, msg.sender, address(0), works[tokenId_].strategy);
Duplicate of #264
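As an added illustration of the fee miscalculation discussed in this report (a constructed, stripped-down example, not the Titles Edition or FeeManager code): a mock fee manager that charges per unit minted, beside a vulnerable mintBatch that pays for amount_ once and a fixed one that pays for amount_ * receivers_.length. The contract and function names (MockFeeManager, EditionExample, mintBatchVulnerable, mintBatchFixed, FEE_PER_MINT) and the simplified collectMintFee signature are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed stand-in for the real fee manager: charges a flat fee per unit
// minted and reverts when the caller underpays.
contract MockFeeManager {
    uint256 public constant FEE_PER_MINT = 0.01 ether; // assumed value
    uint256 public collected;

    function collectMintFee(uint256 units_) external payable {
        require(msg.value >= FEE_PER_MINT * units_, "insufficient mint fee");
        collected += msg.value;
    }
}

contract EditionExample {
    MockFeeManager public immutable FEE_MANAGER;
    mapping(address => uint256) public balances;

    constructor(MockFeeManager fm) {
        FEE_MANAGER = fm;
    }

    // Vulnerable pattern: the fee is collected for amount_ only, while the loop
    // mints amount_ to every entry of receivers_. Passing the same address
    // three times with amount_ = 1 yields three units for one unit's fee.
    function mintBatchVulnerable(address[] calldata receivers_, uint256 amount_) external payable {
        FEE_MANAGER.collectMintFee{value: msg.value}(amount_);
        for (uint256 i = 0; i < receivers_.length; i++) {
            balances[receivers_[i]] += amount_;
        }
    }

    // Hardened pattern (the report's recommendation): the fee covers every unit
    // actually minted, i.e. amount_ per receiver entry, duplicates included.
    // With three duplicate entries and amount_ = 1, anything below
    // 3 * FEE_PER_MINT now reverts in the fee manager.
    function mintBatchFixed(address[] calldata receivers_, uint256 amount_) external payable {
        FEE_MANAGER.collectMintFee{value: msg.value}(amount_ * receivers_.length);
        for (uint256 i = 0; i < receivers_.length; i++) {
            balances[receivers_[i]] += amount_;
        }
    }

    // Helper for tests and front-ends: the fee a caller must attach.
    function requiredFee(uint256 receiverCount_, uint256 amount_) external view returns (uint256) {
        return FEE_MANAGER.FEE_PER_MINT() * amount_ * receiverCount_;
    }
}
```

A unit test for the fix should assert that mintBatchFixed with duplicate receivers reverts when msg.value is below requiredFee(receivers_.length, amount_), and that collected equals that value after a successful call.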