The work creator can manipulate FeeSize using front-running
Summary
Work.creator has too much power over the distribution of its collection. By front-back running and changing timeFrame, it can eliminate unwanted mint transactions for its collection.
Vulnerability Detail
When creating a Work, the creator sets a specific timeFrame in which its collection can be minted. Also, only the creator can change the timeFrame using the Edition.sol::setTimeFrame function.
function setTimeframe(uint256 tokenId, uint64 opensAt, uint64 closesAt) external {
Work storage work = works[tokenId];
if (msg.sender != work.creator) revert Unauthorised();
// Update the open and close times for the work
work.opensAt = opensAt;
work.closesAt = closesAt;
emit TimeframeUpdated(address(this), tokenId, opensAt, closesAt);
}
Any mint function (mint, mintBatch, mintWithComment), including promoMint which is only available to the Edition creator and Edition admin internally use the Edition.sol::issue function which checks that the mint hits at the specified time using the Edition.sol::_checkTime function
which will revert the entire transaction if block.timestamp doesn't fall within the timestamp.
Thus, work.creator, if he wants to deliberately disallow some mint transaction (for example, he doesn't want the edition admin to run promoMint, which doesn't bring mint commission to the collection creator, he, seeing the transaction in the mempool, can change the timeFrame to the appropriate conditions that will cause the mint to revert, and then immediately change the timeFrame to the initial value.
Impact
This bug directly limits the power of the admin and edition creator, making it less than that of the work creator, which can lead to misbehaviour
Rating: medium
Code Snippet
Tool used
Manual Review
Recommendation
You need to rethink the approach to work.creator power, several options
it is possible to allow it only one change of timeFrame at a certain time interval, which will be a constant
it is possible to prohibit it from changing the timeFrame for too large a difference, the difference is also set as a constant
you can remove the ability to change timeFrame altogether
BengalCatBalu
medium
The work creator can manipulate FeeSize using front-running
Summary
Work.creator has too much power over the distribution of its collection. By front-back running and changing timeFrame, it can eliminate unwanted mint transactions for its collection.
Vulnerability Detail
When creating a Work, the creator sets a specific timeFrame in which its collection can be minted. Also, only the creator can change the timeFrame using the Edition.sol::setTimeFrame function.
Any mint function (mint, mintBatch, mintWithComment), including promoMint which is only available to the Edition creator and Edition admin internally use the Edition.sol::issue function which checks that the mint hits at the specified time using the Edition.sol::_checkTime function
which will revert the entire transaction if block.timestamp doesn't fall within the timestamp.
Thus, work.creator, if he wants to deliberately disallow some mint transaction (for example, he doesn't want the edition admin to run promoMint, which doesn't bring mint commission to the collection creator, he, seeing the transaction in the mempool, can change the timeFrame to the appropriate conditions that will cause the mint to revert, and then immediately change the timeFrame to the initial value.
Impact
This bug directly limits the power of the admin and edition creator, making it less than that of the work creator, which can lead to misbehaviour
Rating: medium
Code Snippet
Tool used
Manual Review
Recommendation
You need to rethink the approach to work.creator power, several options
it is possible to allow it only one change of timeFrame at a certain time interval, which will be a constant
it is possible to prohibit it from changing the timeFrame for too large a difference, the difference is also set as a constant
you can remove the ability to change timeFrame altogether