nisedo - Incompatible with zkSync and Degen chains deployment

[sherlock-admin3]

nisedo

medium

Incompatible with zkSync and Degen chains deployment

Summary

Titles protocol is incompatible with the planned deployment on zkSync and Degen chains because Splits, which is a core dependence of Titles, isn't deployed on these two chains.

Vulnerability Detail

The protocol README states that Titles is planned to be deployed on multiple chains:

Q: On what chains are the smart contracts going to be deployed?

Ethereum, Base, OP, Zora, Blast, Arbitrum, zkSync, Degen

However, according to Split documentation, this protocol isn't deployed on zkSync and Degen:

Ethereum - 1 Optimism – 10 BSC – 56 Gnosis – 100 Polygon – 137 Fantom – 250 Base – 8453 Arbitrum – 42161 Avalanche – 43114 Zora – 7777777 Aurora – 1313161554 Blast – 81457

Therefore, Titles can be deployed on those two chains but will be unusable because all calls to TitlesCore.createEdition() and TitlesCore.publish() will fail because they ultimately call FeeManager.createRoute() which itself will call an inexistent contract splitFactory.createSplit().

    /// @notice Creates a new fee route for the given {Edition} and attributions.
    /// @param edition_ The {Edition} for which to create the route.
    /// @param tokenId_ The token ID associated with the route.
    /// @param attributions_ The attributions to be associated with the route.
    /// @param referrer_ The address of the referrer to receive a share of the fee.
    function createRoute(
        IEdition edition_,
        uint256 tokenId_,
        Target[] calldata attributions_,
        address referrer_
    ) external onlyOwnerOrRoles(ADMIN_ROLE) returns (Target memory receiver) {
        Target memory creator = edition_.node(tokenId_).creator;

        if (attributions_.length == 0) {
            // No attributions, pay the creator directly
            receiver = creator;
        } else {
            // Distribute the fee among the creator and attributions
            (address[] memory targets, uint256[] memory revshares) = _buildSharesAndTargets(
                creator, attributions_, edition_.feeStrategy(tokenId_).revshareBps
            );

            // Create the split. The protocol retains "ownership" to enable future use cases.
            receiver = Target({
❌              target: splitFactory.createSplit(
                    SplitV2Lib.Split({
                        recipients: targets,
                        allocations: revshares,
                        totalAllocation: 1e6,
                        distributionIncentive: 0
                    }),
                    address(this),
                    creator.target
                    ),
                chainId: creator.chainId
            });
        }

        _feeReceivers[getRouteId(edition_, tokenId_)] = receiver;
        referrers[edition_] = referrer_;
    }

Impact

Incompatible with the chains on which it is to be deployed.

Code Snippet

• https://github.com/sherlock-audit/2024-04-titles/blob/d7f60952df22da00b772db5d3a8272a988546089/wallflower-contract-v2/src/fees/FeeManager.sol#L120-L160

Tool used

Manual Review

Recommendation

Don't deploy on zkSync and Degen until Splits protocol is deployed on both chains.