bareli - wrong implement of "collectMintFee" in Edition

[sherlock-admin4]

bareli

medium

wrong implement of "collectMintFee" in Edition

Summary

in the mint function, we are using
FEEMANAGER.collectMintFee{value: msg.value}( this, tokenId, amount, msg.sender, referrer, works[tokenId_].strategy) for collecting mintfees but we are using this in place of address(this).

Vulnerability Detail

function mint( address to, uint256 tokenId, uint256 amount, address referrer, bytes calldata data_ ) external payable override { // wake-disable-next-line reentrancy FEE_MANAGER.collectMintFee{value: msg.value}(

       this, tokenId_, amount_, msg.sender, referrer_, works[tokenId_].strategy

);

    _issue(to_, tokenId_, amount_, data_);
    _refundExcess();
}

/// @notice Mint a new token for the given work with a public comment.
/// @param to_ The address to mint the token to.
/// @param tokenId_ The ID of the work to mint.
/// @param amount_ The amount of tokens to mint.
/// @param referrer_ The address of the referrer.
/// @param data_ The data associated with the mint. Reserved for future use.
/// @param comment_ The public comment associated with the mint. Emitted as an event.
/// @dev This function is used to mint a token with a public comment, allowing the mint to be associated with a message which will be emitted as an event.
function mintWithComment(
    address to_,
    uint256 tokenId_,
    uint256 amount_,
    address referrer_,
    bytes calldata data_,
    string calldata comment_
) external payable {
    Strategy memory strategy = works[tokenId_].strategy;
    // wake-disable-next-line reentrancy
    FEE_MANAGER.collectMintFee{value: msg.value}(

     this, tokenId_, amount_, msg.sender, referrer_, strategy

);

    _issue(to_, tokenId_, amount_, data_);
    _refundExcess();

    emit Comment(address(this), tokenId_, to_, comment_);
}

/// @notice Mint multiple tokens for the given works.
/// @param to_ The address to mint the tokens to.
/// @param tokenIds_ The IDs of the works to mint.
/// @param amounts_ The amounts of each work to mint.
/// @param data_ The data associated with the mint. Reserved for future use.
function mintBatch(
    address to_,
    uint256[] calldata tokenIds_,
    uint256[] calldata amounts_,
    bytes calldata data_
) external payable {
    for (uint256 i = 0; i < tokenIds_.length; i++) {
        Work storage work = works[tokenIds_[i]];

        // wake-disable-next-line reentrancy
        FEE_MANAGER.collectMintFee{value: msg.value}(
>>            this, tokenIds_[i], amounts_[i], msg.sender, address(0), work.strategy
        );

        _checkTime(work.opensAt, work.closesAt);
        _updateSupply(work, amounts_[i]);
    }

    _batchMint(to_, tokenIds_, amounts_, data_);
    _refundExcess();
}

/// @notice Mint a token to a set of receivers for the given work.
/// @param receivers_ The addresses to mint the tokens to.
/// @param tokenId_ The ID of the work to mint.
/// @param amount_ The amount of tokens to mint.
/// @param data_ The data associated with the mint. Reserved for future use.
function mintBatch(
    address[] calldata receivers_,
    uint256 tokenId_,
    uint256 amount_,
    bytes calldata data_
) external payable {
    // wake-disable-next-line reentrancy
    FEE_MANAGER.collectMintFee{value: msg.value}(

    this, tokenId_, amount_, msg.sender, address(0), works[tokenId_].strategy

);

    for (uint256 i = 0; i < receivers_.length; i++) {
        _issue(receivers_[i], tokenId_, amount_, data_);
    }

    _refundExcess();
}

Impact

FEE_MANAGER.collectMintFee will not be implemented properly.

Code Snippet

https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L237

Tool used

Manual Review

Recommendation

FEE_MANAGER.collectMintFee{value: msg.value}(

       address(this), tokenId_, amount_, msg.sender, referrer_, works[tokenId_].strategy

);

Duplicate of #264