search

sherlock-audit / 2024-04-titles-judging

1 stars 1 forks source link

CodeWasp - `Edition.mintBatch(address[], ...)` has disproportionally low mint fee #364

Closed sherlock-admin3 closed 2 months ago

sherlock-admin3 commented 2 months ago

CodeWasp

medium

Edition.mintBatch(address[], ...) has disproportionally low mint fee

Summary

The mint fee collected by Edition.mintBatch(address[], ...) is disproportionally low compared to the number of tokens minted.

Vulnerability Detail

Edition.mintBatch(address[], ...) mints receivers_.length * amount_-many tokens, but collects only amount_ * (strategy_.mintFee + protocolFlatFee) in mint fees.

Impact

Disproportionally low mint fees, compared to other minting paths (e.g., Edition.mintBatch(address, ...) collects fees proportional to the number of minted tokens).

Code Snippet

https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L311-L317

Tool used

Manual Review

Recommendation

Collect fees proportional to number of tokens minted. Move call to collectMintFee into the loop, or call it with receivers_.length * amount_.

Duplicate of #264

andrey-kuprianov commented 1 month ago

escalate

This is a clear duplicate of #264. Please reconsider the status of this finding.

sherlock-admin3 commented 1 month ago

escalate

This is a clear duplicate of #264. Please reconsider the status of this finding.

The escalation could not be created because you are not exceeding the escalation threshold.

You can view the required number of additional valid issues/judging contest payouts in your Profile page, in the Sherlock webapp.

ShaheenRehman commented 1 month ago

Escalate

This is a dup of https://github.com/sherlock-audit/2024-04-titles-judging/issues/264.

sherlock-admin3 commented 1 month ago

Escalate

This is a dup of https://github.com/sherlock-audit/2024-04-titles-judging/issues/264.

You've created a valid escalation!

To remove the escalation from consideration: Delete your comment.

You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.

WangSecurity commented 1 month ago

Agree with the escalation, planning to accept and duplicate with #264

Evert0x commented 1 month ago

Result: High Duplicate of #264

sherlock-admin4 commented 1 month ago

Escalations have been resolved successfully!

Escalation status: