FeeManager.sol::_splitProtocolFee implements the wrong logic, always sending collectionReferrer percentage to mintReferrer
Summary
The FeeManager.sol::_splitProtocolFee function is used to reward actors who help the protocol grow. However, the distribution of earnings is wrongly performed.
Vulnerability Detail
FeeManager.sol::_splitProtocolFee receives the referrer address as a param.
Calculates the mintReferrerShare passing the amount & referrer_ address to FeeManager.sol::getMintReferrerShare;
If the referrer_ address is not an address(0), will return the fee value.
Calculates the mintReferrerShare passing amount & referrers[edition_] address to FeeManager.sol::getCollectionReferrerShare;
If the referrers[edition_] address is not an address(0), will return the fee value.
Until this point, things look ok. However, when the distribution starts, is mintReferrerShare the one who receives both amounts, as you can see here:
Although the collectionReferrerShare did his part in helping the protocol grow, he will never receive his share. Every time a mint occurs, the mintReferrerShare will receive all the earnings.
i3arba
high
FeeManager.sol::_splitProtocolFee
implements the wrong logic, always sendingcollectionReferrer
percentage tomintReferrer
Summary
The
FeeManager.sol::_splitProtocolFee
function is used to reward actors who help the protocol grow. However, the distribution of earnings is wrongly performed.Vulnerability Detail
FeeManager.sol::_splitProtocolFee
receives the referrer address as a param.mintReferrerShare
passing theamount
&referrer_
address toFeeManager.sol::getMintReferrerShare
;referrer_
address is not anaddress(0)
, will return the fee value.mintReferrerShare
passingamount
&referrers[edition_]
address toFeeManager.sol::getCollectionReferrerShare
;referrers[edition_]
address is not anaddress(0)
, will return the fee value.Until this point, things look ok. However, when the distribution starts, is
mintReferrerShare
the one who receives both amounts, as you can see here:Target == referrer_ in both functions
```diff _route( Fee({asset: asset_, amount: mintReferrerShare}), @> Target({target: referrer_, chainId: block.chainid}), payer_ ); _route( Fee({asset: asset_, amount: collectionReferrerShare}), @> Target({target: referrer_, chainId: block.chainid}), payer_ ); ```Impact
Although the
collectionReferrerShare
did his part in helping the protocol grow, he will never receive his share. Every time a mint occurs, themintReferrerShare
will receive all the earnings.Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/fees/FeeManager.sol#L430-L439
Tool used
Manual Review
Recommendation
Code Adjustment
```diff function _splitProtocolFee( IEdition edition_, address asset_, uint256 amount_, address payer_, address referrer_ ) internal returns (uint256 referrerShare) { .... //The rest of the function _route( Fee({asset: asset_, amount: mintReferrerShare}), Target({target: referrer_, chainId: block.chainid}), payer_ ); _route( Fee({asset: asset_, amount: collectionReferrerShare}), - Target({target: referrer_, chainId: block.chainid}), + Target({target: referrers[edition_], chainId: block.chainid}), payer_ ); } ```Duplicate of #267