in the mint function, we are using
FEEMANAGER.collectMintFee{value: msg.value}( this, tokenId, amount, msg.sender, referrer, works[tokenId_].strategy)
for collecting mintfees but we are using this in place of address(this).
_issue(to_, tokenId_, amount_, data_);
_refundExcess();
}
/// @notice Mint a new token for the given work with a public comment.
/// @param to_ The address to mint the token to.
/// @param tokenId_ The ID of the work to mint.
/// @param amount_ The amount of tokens to mint.
/// @param referrer_ The address of the referrer.
/// @param data_ The data associated with the mint. Reserved for future use.
/// @param comment_ The public comment associated with the mint. Emitted as an event.
/// @dev This function is used to mint a token with a public comment, allowing the mint to be associated with a message which will be emitted as an event.
function mintWithComment(
address to_,
uint256 tokenId_,
uint256 amount_,
address referrer_,
bytes calldata data_,
string calldata comment_
) external payable {
Strategy memory strategy = works[tokenId_].strategy;
// wake-disable-next-line reentrancy
FEE_MANAGER.collectMintFee{value: msg.value}(
_issue(to_, tokenId_, amount_, data_);
_refundExcess();
emit Comment(address(this), tokenId_, to_, comment_);
}
/// @notice Mint multiple tokens for the given works.
/// @param to_ The address to mint the tokens to.
/// @param tokenIds_ The IDs of the works to mint.
/// @param amounts_ The amounts of each work to mint.
/// @param data_ The data associated with the mint. Reserved for future use.
function mintBatch(
address to_,
uint256[] calldata tokenIds_,
uint256[] calldata amounts_,
bytes calldata data_
) external payable {
for (uint256 i = 0; i < tokenIds_.length; i++) {
Work storage work = works[tokenIds_[i]];
// wake-disable-next-line reentrancy
FEE_MANAGER.collectMintFee{value: msg.value}(
>> this, tokenIds_[i], amounts_[i], msg.sender, address(0), work.strategy
);
_checkTime(work.opensAt, work.closesAt);
_updateSupply(work, amounts_[i]);
}
_batchMint(to_, tokenIds_, amounts_, data_);
_refundExcess();
}
/// @notice Mint a token to a set of receivers for the given work.
/// @param receivers_ The addresses to mint the tokens to.
/// @param tokenId_ The ID of the work to mint.
/// @param amount_ The amount of tokens to mint.
/// @param data_ The data associated with the mint. Reserved for future use.
function mintBatch(
address[] calldata receivers_,
uint256 tokenId_,
uint256 amount_,
bytes calldata data_
) external payable {
// wake-disable-next-line reentrancy
FEE_MANAGER.collectMintFee{value: msg.value}(
bareli
medium
wrong implement of "collectMintFee" in Edition
Summary
in the mint function, we are using
FEEMANAGER.collectMintFee{value: msg.value}( this, tokenId, amount, msg.sender, referrer, works[tokenId_].strategy) for collecting mintfees but we are using this in place of address(this).
Vulnerability Detail
function mint( address to, uint256 tokenId, uint256 amount, address referrer, bytes calldata data_ ) external payable override { // wake-disable-next-line reentrancy FEE_MANAGER.collectMintFee{value: msg.value}(
Impact
FEE_MANAGER.collectMintFee will not be implemented properly.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L237
Tool used
Manual Review
Recommendation
FEE_MANAGER.collectMintFee{value: msg.value}(
Duplicate of #264