Closed sherlock-admin4 closed 2 months ago
Escalate
This issue is a valid excluded dup of #267
Escalate
This issue is a valid excluded dup of #267
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Agree with the escalation, planning to accept and duplicate with #267
Result: High Duplicate of #267
alexzoid
high
Incorrect Referrer Address in Fee Routing
Summary
The
_splitProtocolFee
function incorrectly uses the transaction referrer's address instead of the collection's designated referrer when routing collection referrer shares.Vulnerability Detail
In the
_splitProtocolFee
function within theFeeManager
contract, there is an error where thecollectionReferrerShare
of the fee is being routed to the transaction referrer (referrer_
) instead of the collection's assigned referrer (referrers[edition_]
).Impact
This is a high severity issue as the designated collection referrer never receives their share of the fees.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/fees/FeeManager.sol#L436-L440
Tool used
Manual Review
Recommendation
Correct the implementation of
_splitProtocolFee
to ensure thatcollectionReferrerShare
is routed to the correct referrer address stored inreferrers[edition_]
instead of the transaction referrer.Duplicate of #267