techOptimizor
medium
Attacker can avoid paying the mint fee by using any excess ETH in the FeeManager
Summary
An attacker can avoid paying the mint fee by using any excess ETH held in the FeeManager.
Vulnerability Detail
An attacker can call mint with 0 msg.value if there is any excess ETH in the FeeManager, because the FeeManager does not verify whether enough fee was sent but uses its own balance to pay, making it possible for any excess in the FeeManager to be drained.
There is no verification that msg.value actually covers the mint fee.
Impact
The protocol won't be able to withdraw the excess, as it would all be drained.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/fees/FeeManager.sol#L183
Tool used
Manual Review
Recommendation
Verify that the right msg.value is sent.
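A minimal sketch of the balance-funded payout described above next to a version that checks msg.value, added here as an illustration and not taken from the TITLES code base. The contract name, function names and fee value are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; NOT the TITLES FeeManager. All names are hypothetical.
contract FeePayoutSketch {
    uint256 public constant MINT_FEE = 0.001 ether; // assumed value
    address payable public immutable feeReceiver;

    error WrongFee(uint256 sent, uint256 required);
    error PayoutFailed();

    constructor(address payable receiver_) {
        feeReceiver = receiver_;
    }

    // Overpayments or stray transfers accumulate here as "excess".
    receive() external payable {}

    // Pattern from the report: the payout is funded from the contract's
    // balance, so a call with msg.value == 0 still succeeds whenever
    // address(this).balance >= MINT_FEE, and the excess shrinks each time.
    function collectMintFeeUnchecked() external payable {
        _pay(MINT_FEE);
    }

    // Checked pattern: the payout is bound to what this caller sent.
    // Requiring equality (a design choice in this sketch) also keeps
    // new excess from building up through overpayment.
    function collectMintFeeChecked() external payable {
        if (msg.value != MINT_FEE) revert WrongFee(msg.value, MINT_FEE);
        _pay(msg.value);
    }

    function _pay(uint256 amount) private {
        (bool ok, ) = feeReceiver.call{value: amount}("");
        if (!ok) revert PayoutFailed();
    }
}
```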
Duplicate of #269