Closed sherlock-admin3 closed 2 months ago
escalate
This is a clear duplicate of #264. Please reconsider the status of this finding.
escalate
This is a clear duplicate of #264. Please reconsider the status of this finding.
The escalation could not be created because you are not exceeding the escalation threshold.
You can view the required number of additional valid issues/judging contest payouts in your Profile page, in the Sherlock webapp.
Escalate
This is a dup of https://github.com/sherlock-audit/2024-04-titles-judging/issues/264.
Escalate
This is a dup of https://github.com/sherlock-audit/2024-04-titles-judging/issues/264.
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Agree with the escalation, planning to accept and duplicate with #264
Result: High Duplicate of #264
CodeWasp
medium
Edition.mintBatch(address[], ...)
has disproportionally low mint feeSummary
The mint fee collected by
Edition.mintBatch(address[], ...)
is disproportionally low compared to the number of tokens minted.Vulnerability Detail
Edition.mintBatch(address[], ...)
mintsreceivers_.length * amount_
-many tokens, but collects onlyamount_ * (strategy_.mintFee + protocolFlatFee)
in mint fees.Impact
Disproportionally low mint fees, compared to other minting paths (e.g.,
Edition.mintBatch(address, ...)
collects fees proportional to the number of minted tokens).Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L311-L317
Tool used
Manual Review
Recommendation
Collect fees proportional to number of tokens minted. Move call to
collectMintFee
into the loop, or call it withreceivers_.length * amount_
.Duplicate of #264