Title: Incorrect Emitter Address in Comment Event Emission
Summary
In the mintWithComment function, an event Comment is emitted with the author indexed as the address of the contract (address(this)). However, it should emit msg.sender as the author to accurately reflect who made the comment.
Vulnerability Detail
The event Comment is emitted with the address of the contract (address(this)) as the author of the comment, which may not represent the actual sender of the transaction.
Impact
This issue might mislead users or applications consuming the event data into believing that the contract itself made the comment, rather than the actual sender who invoked the mintWithComment function.
Actually the comment is attributed to the token recipient (argument at position 3), in connection with the edition (argument at position 1). This is expected behavior.
recursiveEth
medium
Title: Incorrect Emitter Address in Comment Event Emission
Summary
In the mintWithComment function, an event Comment is emitted with the author indexed as the address of the contract (address(this)). However, it should emit msg.sender as the author to accurately reflect who made the comment.
Vulnerability Detail
The event Comment is emitted with the address of the contract (address(this)) as the author of the comment, which may not represent the actual sender of the transaction.
Impact
This issue might mislead users or applications consuming the event data into believing that the contract itself made the comment, rather than the actual sender who invoked the mintWithComment function.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L269
Tool used
Manual Review
Recommendation
Update the emission of the Comment event to use msg.sender as the author to accurately reflect the actual sender of the transaction