`Edition::transferWork()` does not change the fee receiver to the new `creator`

Summary

Edition::transferWork() transfers the creator of a work to a new to but does not modify the route in the FeeManager to the new creator.

Vulnerability Detail

Mint fees are payed to the creator of a work based on the stored _feeReceivers mapping, which is set only when the work is published in TitlesCore::_publish().

In Edition::transferWork(), only work.creator = to_; is set, without changing the route in FeeManager.

Note that royalty information should likely also be updated.

Impact

Loss of funds for the new creator.

Code Snippet

https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L417

Tool used

Manual Review

Vscode

Recommendation

FeeManager::createRoute() is permissioned by the admin or owner, so it can not be called directly, but a way to call it from an entity should be added.

Duplicate of #283

sherlock-audit / 2024-04-titles-judging

0x73696d616f - `Edition::transferWork()` does not change the fee receiver to the new `creator` #438

`Edition::transferWork()` does not change the fee receiver to the new `creator`

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

sherlock-audit / 2024-04-titles-judging

0x73696d616f - `Edition::transferWork()` does not change the fee receiver to the new `creator` #438

Edition::transferWork() does not change the fee receiver to the new creator

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

`Edition::transferWork()` does not change the fee receiver to the new `creator`