Closed sherlock-admin3 closed 2 months ago
Escalate
This is similar to #283, which is sponsor-confirmed and selected for reward. In contrast to #283, which points out the effects of transferring a work to another creator, this issue describes the effects of transferring a work to the zero address.
This is at least a dup of #283 – but effectively describes a different effect and can also stand on its own.
Apologies for the brief original submission – I was running out of time 😓
Escalate
This is similar to #283, which is sponsor-confirmed and selected for reward. In contrast to #283, which points out the effects of transferring a work to another creator, this issue describes the effects of transferring a work to the zero address.
This is at least a dup of #283 – but effectively describes a different effect and can also stand on its own.
Apologies for the brief original submission – I was running out of time 😓
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
I believe this report is a user mistake to transfer ownership to 0 address, hence, invalid. Planning to reject the escalation and leave the issue as it is.
Result: Invalid Unique
CodeWasp
medium
Edition.transferWork
allows zero address, leaves work inaccessible for further updatesSummary
Edition.transferWork
allows setting the work's creator to the zero address, leaving it without a creator.Vulnerability Detail
Edition.transferWork
allows setting the work's creator to the zero address.Impact
Leaves the work inaccessible for fee updates (setFeeStrategy), setting metadata (setMetadata) or timeframe (setTimeframe).
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L412-L417
Tool used
Manual Review
Recommendation
Check argument
to_
and revert on zero address.