Closed sherlock-admin3 closed 4 months ago
Escalate
This is a valid issue. The similar issue was accepted and is rewarded here: https://github.com/sherlock-audit/2024-04-titles-judging/issues/280
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Agree with the escalation, planning to accept and duplicate with #280
Result: Medium Duplicate of #280
ComposableSecurity
medium
The `mintBatch` function with multiple tokenIds always reverts
Summary
The `mintBatch` function is not functional as it would always revert when a user tries to mint more than 1 token, because the whole `msg.value` is sent to the fee manager in each `for` loop iteration.
Vulnerability Detail
The `mintBatch` function allows minting tokens for multiple works in one call.
In each iteration of the `for` loop the whole `msg.value` is sent to the fee manager. However, in the second iteration the edition has insufficient balance, because the whole value has been sent in the previous iteration.
That said, any call to the `mintBatch` function with multiple tokens will revert.
PoC
Impact
The `mintBatch` function is not functional as it would always revert when a user tries to mint more than 1 token.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/d7f60952df22da00b772db5d3a8272a988546089/wallflower-contract-v2/src/editions/Edition.sol#L277-L297
Tool used
Manual Review
Recommendation
Send only the required portion of the `msg.value` in each iteration.
Duplicate of #280
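
The failure mode described in this report and the recommended per-iteration payment, as an added Solidity sketch that is not the TITLES `Edition.sol` code. `IFeeCollector`, `mintFee`, `collect`, `BatchMintSketch` and both function names are hypothetical, and the exact-payment check at the end is an assumption of the sketch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical fee collector, not the TITLES FeeManager interface.
interface IFeeCollector {
    function mintFee(uint256 id, uint256 amount) external view returns (uint256);
    function collect(uint256 id, uint256 amount) external payable;
}

contract BatchMintSketch {
    IFeeCollector public immutable fees;
    mapping(address => mapping(uint256 => uint256)) public balanceOf;

    constructor(IFeeCollector fees_) {
        fees = fees_;
    }

    // Reported pattern: every iteration forwards the full msg.value.
    // With a non-zero msg.value the second call has nothing left to send and
    // reverts, unless the contract already holds ETH, which it would then spend.
    function mintBatchForwardAll(uint256[] calldata ids, uint256[] calldata amounts) external payable {
        require(ids.length == amounts.length, "length mismatch");
        for (uint256 i = 0; i < ids.length; ++i) {
            balanceOf[msg.sender][ids[i]] += amounts[i];
            fees.collect{value: msg.value}(ids[i], amounts[i]);
        }
    }

    // Recommended shape: forward only the fee each token requires, and never
    // more in total than the caller paid (exact payment is this sketch's choice).
    function mintBatchPerToken(uint256[] calldata ids, uint256[] calldata amounts) external payable {
        require(ids.length == amounts.length, "length mismatch");
        uint256 spent;
        for (uint256 i = 0; i < ids.length; ++i) {
            uint256 fee = fees.mintFee(ids[i], amounts[i]);
            spent += fee;
            require(spent <= msg.value, "insufficient payment");
            balanceOf[msg.sender][ids[i]] += amounts[i];
            fees.collect{value: fee}(ids[i], amounts[i]);
        }
        require(spent == msg.value, "overpayment");
    }
}
```

A regression test for this class of bug should call the batch function with at least two ids and a contract balance of zero beforehand, since a pre-funded contract can mask the revert.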