Closed sherlock-admin3 closed 2 months ago
Escalate
This is a valid issue. Please help to check.
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
@thangtranth Please elaborate on why you think this is valid.
All escalations have to have reasoning, but this report doesn't explain why this report should be valid. Hence, it should be rejected. Moreover, in comments for issue #30 it's explained why reports about not refunding excess fees for creation are invalid.
Planning to reject the escalation and leave the issue as it is.
Result: Invalid Unique
ast3ros
medium
Users can create work and mint without fees
Summary
The contract does not refund excess funds to the feePayer; instead, it retains them within the FeeManager. Consequently, if excess funds are present from another user's transaction, users can potentially create works or mint without incurring fees.
Vulnerability Detail
When a new work is published, the feePayer transmits ETH to the TitlesCore contract, which forwards all received funds to the FeeManager. If the transmitted amount exceeds the required fee, the excess is not returned to the feePayer but stored in the FeeManager. This issue allows for fee-free creation and minting if sufficient excess balance is present.
https://github.com/sherlock-audit/2024-04-titles/blob/2ac20d07d0b4562c0b0ee15e1becbf786f0ed896/wallflower-contract-v2/src/TitlesCore.sol#L120-L149
In the process of collecting creation and minting fees, the FeeManager calculates the fee and directs the specified ETH amount from its balance to the intended recipients. It does not verify whether the fee amount was actually paid by the feePayer, leading to potential exploitation.
https://github.com/sherlock-audit/2024-04-titles/blob/2ac20d07d0b4562c0b0ee15e1becbf786f0ed896/wallflower-contract-v2/src/fees/FeeManager.sol#L366-L454
Impact
If excess funds remain in the FeeManager from another transaction, it enables users to mint or create works without fees. This could potentially lead to unintended free usage of the platform.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/2ac20d07d0b4562c0b0ee15e1becbf786f0ed896/wallflower-contract-v2/src/TitlesCore.sol#L120-L149
https://github.com/sherlock-audit/2024-04-titles/blob/2ac20d07d0b4562c0b0ee15e1becbf786f0ed896/wallflower-contract-v2/src/fees/FeeManager.sol#L366-L454
Tool used
Manual Review
Recommendation
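The accounting pattern the report describes, next to a variant that compares `msg.value` with the fee and returns the excess, as an added sketch that is not part of the original report or of the TITLES code base. The contract names, the flat `FEE` and the `collect` signatures are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: hypothetical contracts, not the TITLES FeeManager.
// FEE and the function names are assumptions made for this sketch.

contract PooledFeeCollector {
    uint256 public constant FEE = 0.001 ether; // assumed flat fee
    address payable public immutable receiver;

    constructor(address payable receiver_) { receiver = receiver_; }

    // Pattern the report describes: the fee is paid out of the contract's
    // balance and msg.value is never compared with it, so value left behind
    // by an earlier overpayment can cover a later call that sends nothing.
    function collect() external payable {
        (bool ok, ) = receiver.call{value: FEE}("");
        require(ok, "fee transfer failed");
    }
}

contract CheckedFeeCollector {
    uint256 public constant FEE = 0.001 ether; // assumed flat fee
    address payable public immutable receiver;

    error InsufficientFee(uint256 sent, uint256 required);

    constructor(address payable receiver_) { receiver = receiver_; }

    // Checked variant: each call must fund its own fee, and the excess goes
    // back to the payer, so no balance carries over between callers.
    function collect(address payable feePayer) external payable {
        if (msg.value < FEE) revert InsufficientFee(msg.value, FEE);
        (bool ok, ) = receiver.call{value: FEE}("");
        require(ok, "fee transfer failed");
        uint256 excess = msg.value - FEE;
        if (excess > 0) {
            (ok, ) = feePayer.call{value: excess}("");
            require(ok, "refund failed");
        }
    }
}
```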