search

sherlock-audit / 2024-04-titles-judging

1 stars 1 forks source link

funkornaut - `FeeManager::_buildSharesAndTargets` could casue a DoS #366

Closed sherlock-admin3 closed 2 months ago

sherlock-admin3 commented 2 months ago

funkornaut

medium

FeeManager::_buildSharesAndTargets could casue a DoS

Summary

In the FeeManager::_buildSharesAndTargets function, there's a potential for creating an attributions configuration where the total share percentage exceeds 100%. This could result in a denial of service (DoS) if the Splits contract reverts due to over-allocation during fee distribution, or it could lead to some referrers not receiving their share of the mintFee because the allocated funds would be insufficient to cover all payouts.

Vulnerability Detail

The main issue is in how the function calculates and then populates the shares array without verifying that the cumulative addition of attributionRevShare values does not surpass 100%. Assume all calculations are correct and we have an attributions.length of 5 and their share percentage is 25%. The total percentage of the shares array is now 125%. This will lead to operational issues.

    function _buildSharesAndTargets(
        ...
        uint32 attributionShares = uint32(attributions.length);
        uint32 attributionRevShare = revshareBps * 100 / attributionShares;
        uint32 creatorShare = 1e6 - (attributionRevShare * attributionShares);

        ...

        for (uint8 i = 0; i < attributionShares; i++) {
            targets[i + 1] = attributions[i].target;
            shares[i + 1] = attributionRevShare;
        }
    }

Impact

DoS for minting a Work or Edition.

Code Snippet

https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/fees/FeeManager.sol#L476-#L496

Tool used

Manual Review Audit Wizard

Recommendation

Ensure that allocations of fees do not exceed 100%