No slippage protection for mint fee payments

Summary

If a fee strategy's mintFee increases, users may be forced to pay more fees than they initially expected. This can either occur by accident or due to a malicious work creator.

Vulnerability Detail

A fee strategy's mintFee can always be changed by the work creator:

  function setFeeStrategy(uint256 tokenId_, Strategy calldata strategy_) external {
      if (msg.sender != works[tokenId_].creator) revert Unauthorized();
      works[tokenId_].strategy = FEE_MANAGER.validateStrategy(strategy_);
  }

The lack of slippage protection for the amount of mint fees the user is going to pay opens up the opportunity for users to pay more mint fees than expected. This may occur, due to the fact that users expect any unused funds to be refunded and may intentionally send more ETH, expecting any funds that aren't used to be send back, or in the case where fees are denominated in ERC20 tokens, users may approve the FeeManager.sol uint256.max of their tokens. Consequently, the mint fee may be increased right before their mint, forcing them to pay more fees than expected. Furthermore, in the case of a malicious work creator, the mint fee may increase drastically right before a mint. This becomes especially dangerous when the fee is an ERC20 token and the minter has approved the maximum amount.

Impact

Possible loss of funds for minters.

Code Snippet

https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L228-L242

Tool used

Manual Review

Recommendation

Add a maximum mint fee parameter in all mint functions and revert if the fees paid by the user are more than the maximum.

sherlock-audit / 2024-04-titles-judging

trachev - No slippage protection for mint fee payments #396