Closed sherlock-admin4 closed 2 months ago
Escalate
This is a valid duplicate of #264.
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Agree with the escalation, planning to accept and duplicate with #264
Result: High Duplicate of #264
Varun_05
high
mintBatch mints more tokens than the amount on which the fee was applied.
Summary
A fee is applied on the amount of tokens a user requests to mint, but there is a discrepancy between the tokens on which the fee was applied and the total tokens that are minted.
Vulnerability Detail
The following is the mintBatch function:
From the above, it is clear that the fee is applied only on amount number of tokens. But when the for loop is executed, it issues each receiver amount number of tokens. Essentially, the total tokens minted are number of receivers * amount, whereas the fee was only collected for amount number of tokens, thus allowing minting of excess tokens without paying any fee.
Impact
A user can mint tokens while paying a much smaller fee than they should, because the number of receivers can be any number (even the same user as every array element).
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/d7f60952df22da00b772db5d3a8272a988546089/wallflower-contract-v2/src/editions/Edition.sol#L316
Tool used
Manual Review
Recommendation
Make the following change in the code:
Duplicate of #264
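Added example, not part of the original report and not the project's own code: a constructed, simplified contract showing the fee/mint mismatch described above next to one way of charging for the full batch. The contract, its function names, `FEE_PER_TOKEN` and the flat per-token fee model are assumptions for illustration; the corrected form is one possible fix, not necessarily the change the report recommends.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed model of the pattern in the report; not the TITLES Edition contract.
/// All names and the flat per-token fee are hypothetical.
contract BatchMintFeeExample {
    uint256 public constant FEE_PER_TOKEN = 0.001 ether; // assumed fee model
    mapping(address => uint256) public minted;
    uint256 public totalMinted;

    /// Pattern described in the report: the fee covers `amount` tokens once,
    /// but the loop issues `amount` tokens to every receiver, so
    /// receivers.length * amount tokens are minted for the price of `amount`.
    function mintBatchFeeOnAmountOnly(address[] calldata receivers, uint256 amount)
        external
        payable
    {
        _collectFee(amount);
        for (uint256 i = 0; i < receivers.length; i++) {
            _issue(receivers[i], amount);
        }
    }

    /// Corrected form: the fee is computed on everything the loop will mint.
    function mintBatchFeeOnTotal(address[] calldata receivers, uint256 amount)
        external
        payable
    {
        // Checked arithmetic in Solidity 0.8.x reverts on overflow.
        uint256 total = receivers.length * amount;
        _collectFee(total);
        for (uint256 i = 0; i < receivers.length; i++) {
            _issue(receivers[i], amount);
        }
    }

    /// Requires exactly the fee for `tokenCount` tokens.
    function _collectFee(uint256 tokenCount) internal view {
        require(msg.value == tokenCount * FEE_PER_TOKEN, "wrong fee");
    }

    function _issue(address to, uint256 amount) internal {
        minted[to] += amount;
        totalMinted += amount;
    }
}
```

A regression test for this class of bug can assert that the fee retained by the contract always equals `totalMinted * FEE_PER_TOKEN` after any batch call, including batches that repeat the same receiver.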