Closed sherlock-admin3 closed 2 months ago
Escalate
This is a duplicate of #264
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Agree with the escalation, planning to accept and duplicate with #264
Result: High Duplicate of #264
KupiaSec
high
Incorrect Handling of Mint Fees in Edition::mintBatch Function

Summary
The Edition::mintBatch function is designed to mint a token to a set of receivers for the given work. However, the mint fee is set incorrectly, so the protocol collects less fee than it should.
Vulnerability Detail
The Edition::mintBatch function is designed to allow minting of a token to a set of receivers for the given work. However, the current implementation of the function incorrectly handles the mint fees, resulting in the protocol collecting less fee than it should.
The current implementation of the Edition::mintBatch function is as follows:

As evident from the provided code, at L312 the function collects the mint fee according to amount_. Additionally, the function sends amount_ tokens to each receiver, so the total number of tokens minted equals receivers_.length * amount_. However, the current implementation only collects the mint fee for amount_ tokens, rather than for the full quantity minted. This discrepancy will result in a financial loss for the protocol.

Impact
Due to the incorrect setting of amount_ in the Edition::mintBatch function implementation, minters may be able to mint a significantly higher number of tokens than they are intended to receive. This discrepancy would result in a financial loss for the protocol.

Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/d7f60952df22da00b772db5d3a8272a988546089/wallflower-contract-v2/src/editions/Edition.sol#L312
Tool used
Manual Review
Recommendation
It is recommended to fix the function as follows:
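The following is an added, constructed illustration of the fee-accounting discrepancy described in this finding; it is not the TITLES Edition.sol or FeeManager code and not the auditor's recommended patch. The contract and function names (FeeCollector, EditionModel, mintBatchUnsafe, _chargeAndRefund, feesMatchSupply) and the per-token fee model are assumptions. It places the vulnerable shape (fee charged for amount_ tokens while receivers_.length * amount_ tokens are issued) beside a corrected shape that charges for the full quantity minted, and adds a view that lets an operator check that collected fees match the total supply issued.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration of the mint-fee accounting bug. All names here
// are assumptions; this is not the TITLES Edition.sol or FeeManager code.

contract FeeCollector {
    uint256 public immutable feePerToken; // wei charged per minted token
    uint256 public collected;             // running total of fees received

    constructor(uint256 feePerToken_) {
        feePerToken = feePerToken_;
    }

    // Fee owed for `quantity` tokens.
    function quote(uint256 quantity) public view returns (uint256) {
        return feePerToken * quantity;
    }

    // Accepts exactly the fee owed for `quantity` tokens.
    function collectMintFee(uint256 quantity) external payable {
        require(msg.value == quote(quantity), "wrong mint fee");
        collected += msg.value;
    }
}

contract EditionModel {
    FeeCollector public immutable feeManager;
    mapping(uint256 => mapping(address => uint256)) public balanceOf;
    mapping(uint256 => uint256) public totalSupply;
    uint256 public totalMinted; // tokens issued across all ids

    constructor(FeeCollector feeManager_) {
        feeManager = feeManager_;
    }

    // Vulnerable shape: the fee is charged for `amount_` tokens,
    // while `receivers_.length * amount_` tokens are issued.
    function mintBatchUnsafe(address[] calldata receivers_, uint256 tokenId_, uint256 amount_)
        external payable
    {
        _chargeAndRefund(amount_);
        for (uint256 i = 0; i < receivers_.length; i++) {
            _issue(receivers_[i], tokenId_, amount_);
        }
    }

    // Corrected shape: the fee is charged for every token minted.
    function mintBatch(address[] calldata receivers_, uint256 tokenId_, uint256 amount_)
        external payable
    {
        _chargeAndRefund(receivers_.length * amount_);
        for (uint256 i = 0; i < receivers_.length; i++) {
            _issue(receivers_[i], tokenId_, amount_);
        }
    }

    // Operator check: fees collected must equal the fee for every token issued.
    function feesMatchSupply() external view returns (bool) {
        return feeManager.collected() == feeManager.quote(totalMinted);
    }

    // Forwards the exact fee for `quantity` tokens and returns any excess.
    function _chargeAndRefund(uint256 quantity) internal {
        uint256 due = feeManager.quote(quantity);
        require(msg.value >= due, "insufficient mint fee");
        feeManager.collectMintFee{value: due}(quantity);
        uint256 excess = msg.value - due;
        if (excess > 0) {
            (bool ok,) = msg.sender.call{value: excess}("");
            require(ok, "refund failed");
        }
    }

    function _issue(address to, uint256 tokenId, uint256 amount) internal {
        balanceOf[tokenId][to] += amount;
        totalSupply[tokenId] += amount;
        totalMinted += amount;
    }
}
```

With feePerToken set to 0.01 ether, three receivers and amount_ = 2, mintBatchUnsafe accepts 0.02 ether and issues six tokens, whereas mintBatch requires 0.06 ether for the same six tokens. On fresh contracts, feesMatchSupply() returns false after the unsafe path and true after the corrected one, which is the kind of invariant a monitoring job or fuzz harness can assert to catch this class of under-collection.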
Duplicate of #264