ccashwell
commented
2 months ago This is expected, the EDITION_MANAGER_ROLE holder (TitlesCore) will be upgraded at a later point to leverage this functionality for a planned feature. In any case, it's not a vulnerability.
trachev
high
Several functions in Edition.sol cannot be called
Summary
When an Edition.sol contract is created, it is initialized with an
EDITION_MANAGER_ROLEequal to the TitlesCore.sol contract. The issue is that many functions can only be called by theEDITION_MANAGER_ROLE, but that would be impossible as TitlesCore.sol does not allow that.Vulnerability Detail
The
EDITION_MANAGER_ROLEis always equal to the TitlesCore.sol contract:Here are the functions that should allow to be called by the
EDITION_MANAGER_ROLEaddress:publish, promoMint, setRoyaltyTarget, grantRoles, revokeRoles, grantPublisherRole, and revokePublisherRole. In order for all of these functions to be callable by the 'EDITION_MANAGER_ROLE', they must be called somewhere inside the TitlesCore.sol contract. This is true for only thepublishand 'setRoyaltyTargetfunctions, as all other functions are never called inside of TitlesCore.sol. Therefore, no roles can ever be granted or revoked, and only the owner can callgrantPublisherRole, revokePublisherRole and promoMint, which should not be the case. Furthermore, asgrantRolescan only be called by theEDITION_MANAGER_ROLE, theEDITION_MINTER_ROLE` cannot ever be granted.Impact
grantRoleandrevokeRolein Edition.sol cannot be called, while other functions using theonlyRolesOrOwner(EDITION_MANAGER_ROLE)modifier can only be invoked by the owner, which may be problematic if the owner is a contract thar also does not implement calls to those functions.Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/TitlesCore.sol#L72-L96
Tool used
Manual Review
Recommendation
Implement calls in TitlesCore.sol to the functions stated above.