Closed sherlock-admin4 closed 2 months ago
Escalate
Duplicate of #267 not #265
Escalate
Duplicate of #267 not #265
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Agree with the escalation, planning to accept and duplicate with #267
Result: High Duplicate of #267
trachev
high
collectionReferrerShare
is sent to the wrong addressSummary
collectionReferrerShare
is intended to be 25% of the protocol share of fees, which need to be sent to the collection referrer. The issue is that they are currently transferred to the mint referrer.Vulnerability Detail
As the code comments state:
If a referred collection, collection referrer gets 25% of the protocol share
. Furthermore, thecollectionReferrerShare
is calculated based on thereferrers[edition_]
, which is essentially the collection referrer:The problem occurs in the transfer of these fees:
As we can see in
_splitProtocolFee
both themintReferrerShare
and thecollectionReferrerShare
are routed to thereferrer_
, and thecollectionReferrerShare
is not sent to thereferrers[edition_]
.Impact
The mint referrer is given the shares, allocated for the collection referrer, getting 75% of the protocol share of fees, instead of 50%, also causing a loss of funds for the collection referrer.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/fees/FeeManager.sol#L412-L441
Tool used
Manual Review
Recommendation
Send the
collectionReferrerShare
toreferrers[edition_]
.Duplicate of #267