Closed sherlock-admin3 closed 5 months ago
There's no incentive for a referrer to brick collections in this way. Won't fix.
Escalate
I believe this should be a valid medium as referrers are not trusted.
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
I agree with the escalation. This issue is a duplicate of #261. The outcome there will decide whether it is valid.
Result: Medium Duplicate of #261
0rpse
medium
Referrers can DoS minting
Summary
Every time a new token is minted referrers are sent some ETH, which can lead to reverts and blocking minting.
Vulnerability Detail
Minting in Edition.sol will make a call to FeeManager.sol and fee manager will route protocol fees to referrers using solady's SafeTransferLib::safeTransferETH, this will revert if the target reverts. For "mint referrers" users can opt to not include that particular referrer but there exists no way to evade collection referrers which gives collection referrers the ability to revert calls thus blocking every mint of a collection.
Impact
Collection referrers can block minting of collections they are referred in.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/d7f60952df22da00b772db5d3a8272a988546089/wallflower-contract-v2/src/fees/FeeManager.sol#L436-L440
https://github.com/sherlock-audit/2024-04-titles/blob/d7f60952df22da00b772db5d3a8272a988546089/wallflower-contract-v2/src/fees/FeeManager.sol#L463
Tool used
Manual Review
Recommendation
Consider adding functionality to change collection referrers or use forceSafeTransferETH from SafeTransferLib.
Duplicate of #261
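The failure mode and the recommendation in the report above, as an added sketch that is not the TITLES FeeManager code: a strict push payout beside the forceSafeTransferETH variant and an escrow fallback that goes beyond what the report proposes. The contract, its function names, the gas cap, the import remapping and the simplification that the whole msg.value is the referrer's share are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Import path assumes a "solady/" remapping to the library's src/ directory.
import {SafeTransferLib} from "solady/utils/SafeTransferLib.sol";

/// Added illustration only; contract, function and variable names are hypothetical.
/// For brevity the whole msg.value stands in for the referrer's share of the fee.
contract ReferrerPayoutSketch {
    address public immutable collectionReferrer; // fixed per collection, minters cannot change it
    mapping(address => uint256) public minted;
    mapping(address => uint256) public owed; // fees held back after a failed push

    event PayoutDeferred(address indexed referrer, uint256 amount);

    constructor(address referrer_) {
        collectionReferrer = referrer_;
    }

    /// Reported behaviour: a revert on the recipient side reverts the whole mint.
    function mintStrict() external payable {
        SafeTransferLib.safeTransferETH(collectionReferrer, msg.value);
        minted[msg.sender] += 1;
    }

    /// Report's recommendation: delivery does not depend on the recipient accepting it.
    function mintForced() external payable {
        SafeTransferLib.forceSafeTransferETH(collectionReferrer, msg.value);
        minted[msg.sender] += 1;
    }

    /// Alternative (not from the report): record a failed push and let the referrer pull it.
    function mintWithEscrow() external payable {
        // Gas cap (constructed value) bounds what the recipient can consume.
        (bool ok,) = collectionReferrer.call{value: msg.value, gas: 30_000}("");
        if (!ok) {
            owed[collectionReferrer] += msg.value;
            emit PayoutDeferred(collectionReferrer, msg.value);
        }
        minted[msg.sender] += 1;
    }

    /// Pull side of the escrow: a failure here only affects the claimant.
    function claim() external {
        uint256 amount = owed[msg.sender];
        owed[msg.sender] = 0; // clear before the external call
        SafeTransferLib.safeTransferETH(msg.sender, amount);
    }
}
```

With either hardened variant, a mint completes regardless of how the collection referrer's address handles incoming ETH; the PayoutDeferred event gives operators a signal that a referrer address is rejecting payments.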