sherlock-audit / 2024-04-titles-judging


0rpse - Referrers can DoS minting #292

Closed sherlock-admin3 closed 5 months ago

sherlock-admin3 commented 5 months ago

0rpse

medium

Referrers can DoS minting

Summary

Every time a new token is minted, referrers are sent some ETH, which can lead to reverts and blocking minting.

Vulnerability Detail

Minting in Edition.sol will make a call to FeeManager.sol, and the fee manager will route protocol fees to referrers using solady's SafeTransferLib::safeTransferETH; this will revert if the target reverts. For "mint referrers", users can opt to not include that particular referrer, but there exists no way to evade collection referrers, which gives collection referrers the ability to revert calls, thus blocking every mint of a collection.

Impact

Collection referrers can block minting of collections they are referred in.

Code Snippet

https://github.com/sherlock-audit/2024-04-titles/blob/d7f60952df22da00b772db5d3a8272a988546089/wallflower-contract-v2/src/fees/FeeManager.sol#L436-L440

https://github.com/sherlock-audit/2024-04-titles/blob/d7f60952df22da00b772db5d3a8272a988546089/wallflower-contract-v2/src/fees/FeeManager.sol#L463

Tool used

Manual Review

Recommendation

Consider adding functionality to change collection referrers or use forceSafeTransferETH from SafeTransferLib.

Duplicate of #261
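The failure mode in the report above, next to one way to tolerate it, as an added example that is not code from the TITLES repository or from the report's author. All contract and function names are hypothetical, and the tolerant path uses a pull-payment fallback rather than solady's forceSafeTransferETH.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed sketch with hypothetical names; not the TITLES FeeManager.
contract FeeRouterSketch {
    address public immutable collectionReferrer; // fixed at creation, minters cannot opt out
    mapping(address => uint256) public owed;     // fees parked for later withdrawal
    uint256 public totalMinted;

    event FeeDeferred(address indexed to, uint256 amount);

    constructor(address referrer_) {
        collectionReferrer = referrer_;
    }

    /// Push payment as in the report: a reverting referrer reverts every mint.
    function mintStrict(uint256 referrerShare) external payable {
        require(msg.value >= referrerShare, "underpaid");
        (bool ok, ) = collectionReferrer.call{value: referrerShare}("");
        require(ok, "ETH transfer failed"); // failure propagates to the minter
        totalMinted += 1;
    }

    /// Tolerant variant: capped gas, and a failed payout is recorded, not propagated.
    function mintTolerant(uint256 referrerShare) external payable {
        require(msg.value >= referrerShare, "underpaid");
        (bool ok, ) = collectionReferrer.call{value: referrerShare, gas: 30_000}("");
        if (!ok) {
            owed[collectionReferrer] += referrerShare;
            emit FeeDeferred(collectionReferrer, referrerShare);
        }
        totalMinted += 1;
    }

    /// The referrer collects deferred fees in its own transaction.
    function withdraw() external {
        uint256 amount = owed[msg.sender];
        require(amount != 0, "nothing owed");
        owed[msg.sender] = 0; // clear before the external call
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "withdraw failed");
    }
}

/// Test fixture: a recipient that rejects all plain ETH transfers.
contract RevertingReferrer {
    receive() external payable {
        revert("no ETH");
    }
}
```

Deployed with `RevertingReferrer` as the referrer, `mintStrict` reverts on every call while `mintTolerant` completes and emits `FeeDeferred`, which also gives monitoring a signal that a payout recipient is rejecting ETH.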

ccashwell commented 5 months ago

There's no incentive for a referrer to brick collections in this way. Won't fix.

0rpse commented 4 months ago

Escalate

I believe this should be a valid medium as referrers are not trusted.

sherlock-admin3 commented 4 months ago

Escalate

I believe this should be a valid medium as referrers are not trusted.

You've created a valid escalation!

To remove the escalation from consideration: Delete your comment.

You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.

cvetanovv commented 4 months ago

I agree with the escalation. This issue is a duplicate of #261. The outcome there will decide whether it is valid.

Evert0x commented 4 months ago

Result: Medium Duplicate of #261

sherlock-admin2 commented 4 months ago

Escalations have been resolved successfully!

Escalation status: