sherlock-audit / 2024-04-titles-judging


0xlucky - msg.value used in for loop in mintBatch() will throw error #444

Closed sherlock-admin3 closed 1 month ago

sherlock-admin3 commented 2 months ago

0xlucky

high

msg.value used in for loop in mintBatch() will throw error

Summary

In the protocol, a for loop is used to mint multiple tokens for the given work. But inside the for loop, ether is used to collect the mint fee, and msg.value is passed for that. This can create an issue.

Vulnerability Detail

```solidity
FEEMANAGER.collectMintFee{value: msg.value}(
    this, tokenIds[i], amounts_[i], msg.sender, address(0), work.strategy
);
```

This statement is used in the for loop in the mintBatch function. When i is 0, ether will be sent. When i is 1 and onwards, it will always give an error because 0 balance would be present and an insufficient balance error would occur.

Impact

The mintBatch() function would fail because of the above explanation, and as a result minting multiple tokens for multiple works would not work.

Code Snippet

https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L283-L289

Tool used

Manual Review

Recommendation

Avoid using msg.value in a for loop.

Duplicate of #280
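The loop pattern this report describes, next to a per-item alternative, as an added example that is not part of the original report or the project's code. The `IFeeCollector` interface, its `feeFor` and `collect` functions, and the contract and function names are hypothetical, and the minting step itself is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical fee collector for this example only; not the project's fee manager.
interface IFeeCollector {
    function feeFor(uint256 tokenId, uint256 amount) external view returns (uint256);
    function collect(uint256 tokenId, uint256 amount, address payer) external payable;
}

contract BatchMintExample {
    IFeeCollector public immutable collector;

    constructor(IFeeCollector collector_) {
        collector = collector_;
    }

    // Pattern from the report: msg.value stays constant for the whole call, so
    // every iteration tries to forward the full amount again. With two or more
    // items and no other ether held by this contract, the second call reverts.
    function mintBatchReusingValue(uint256[] calldata ids, uint256[] calldata amounts) external payable {
        require(ids.length == amounts.length, "length mismatch");
        for (uint256 i = 0; i < ids.length; i++) {
            collector.collect{value: msg.value}(ids[i], amounts[i], msg.sender);
        }
    }

    // Per-item form: forward only each item's fee, check the running total
    // against msg.value, and refund whatever the caller overpaid.
    function mintBatchPerItemFee(uint256[] calldata ids, uint256[] calldata amounts) external payable {
        require(ids.length == amounts.length, "length mismatch");
        uint256 spent;
        for (uint256 i = 0; i < ids.length; i++) {
            uint256 fee = collector.feeFor(ids[i], amounts[i]);
            spent += fee;
            require(spent <= msg.value, "insufficient payment");
            collector.collect{value: fee}(ids[i], amounts[i], msg.sender);
        }
        uint256 refund = msg.value - spent;
        if (refund > 0) {
            (bool ok, ) = msg.sender.call{value: refund}("");
            require(ok, "refund failed");
        }
    }
}
```

The refund is computed from `msg.value - spent` rather than from the contract's balance, so the function never pays out ether that did not arrive with the current call.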

sammy-tm commented 1 month ago

Escalate

Dup of #280

sherlock-admin3 commented 1 month ago

Escalate

Dup of #280

You've created a valid escalation!

To remove the escalation from consideration: Delete your comment.

You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.

WangSecurity commented 1 month ago

Agree with the escalation, planning to accept and duplicate with #280

Evert0x commented 1 month ago

Result: Medium Duplicate of #280

sherlock-admin4 commented 1 month ago

Escalations have been resolved successfully!

Escalation status: