Missing Referrer Checks in Mint Function Allow Minter to Recover Minting Fees
Summary
In the Edition.sol contract's mint function, a minter has the ability to designate themselves as the referrer, resulting in the minter recovering 50% of the minting fees.
Vulnerability Detail
Consider this scenario:
Bob initiates the mint function and specifies his own address as the referrer_ parameter.
This triggers the execution of the collectMintFees function within the FeeManager.sol contract.
The collectMintFees function calculates the protocolFee using the formula: uint256 protocolFee = protocolFlatFee * amount_;.
The protocolFee is then passed to the splitProtocolFee function to distribute the fees.
Within the splitProtocolFee function, the following call is made:
AhmedAdam
high
Missing Referrer Checks in Mint Function Allow Minter to Recover Minting Fees
Summary
In the Edition.sol contract's mint function, a minter has the ability to designate themselves as the referrer, resulting in the minter recovering 50% of the minting fees.
Vulnerability Detail
Consider this scenario:
Impact
Manipulating the mint Fee amount.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/d7f60952df22da00b772db5d3a8272a988546089/wallflower-contract-v2/src/editions/Edition.sol#L228-L242
https://github.com/sherlock-audit/2024-04-titles/blob/d7f60952df22da00b772db5d3a8272a988546089/wallflower-contract-v2/src/fees/FeeManager.sol#L366-L410
Tool used
Manual Review
Recommendation
Implement checks so that the minter is not the same as referrer_ or methods to verify referrers.
Duplicate of #405