msg.sender is not correctly transmited in external calls, blocking users from minting NFTs through Edition.sol::mint
Summary
On interacting with external contracts, the caller becomes a new msg.sender instead of the original caller.
Vulnerability Detail
When calling Edition.sol::mint, the original msg.sender is changed when the function calls FEE_MANAGER.collectMintFee will be charged from the FEE_MANAGER contract and not from the user as expected.
Impact
If the FEE_MANAGER doesn't hold any eth as expected, the call will never go through.
PoC
```solidity
function test_mintFunctionMustRevert() public {
//remove the comment to the function go through
// vm.deal(address(manager), 10 ether);
vm.prank(BARBA);
edition.mint(BARBA, 1, 1, mintReferrer, "");
}
```
i3arba
high
msg.sender
is not correctly transmited in external calls, blocking users from minting NFTs throughEdition.sol::mint
Summary
On interacting with external contracts, the caller becomes a new
msg.sender
instead of the original caller.Vulnerability Detail
When calling
Edition.sol::mint
, the originalmsg.sender
is changed when the function callsFEE_MANAGER.collectMintFee
will be charged from theFEE_MANAGER
contract and not from theuser
as expected.Impact
If the
FEE_MANAGER
doesn't hold any eth as expected, the call will never go through.PoC
```solidity function test_mintFunctionMustRevert() public { //remove the comment to the function go through // vm.deal(address(manager), 10 ether); vm.prank(BARBA); edition.mint(BARBA, 1, 1, mintReferrer, ""); } ```Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L236-L238
Tool used
Manual Review
Recommendation
Ensure the validation is in place to check the actor is handled correctly. Reference: https://solodit.xyz/issues/swapinternal-shouldnt-use-msgsender-spearbit-connext-pdf