Closed sherlock-admin3 closed 1 month ago
Escalate
Dup of #280
Escalate
Dup of #280
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Agree with the escalation, planning to accept and duplicate with #280
Result: Medium Duplicate of #280
0xlucky
high
msg.value used in for loop in mintBatch() will throw error
Summary
As in protocol ,to mint multiple tokens for the given work, for loop is used. But in for loop to for collect mint fee ether has been used. And for that msg.value has been passed. this can create issue.
Vulnerability Detail
" FEEMANAGER.collectMintFee{value: msg.value}( this, tokenIds[i], amounts_[i], msg.sender, address(0), work.strategy ); "
this statement is used in for loop in mintBatch function . when i will be 0 , at that time ether will be send. Now when i will be 1 and onwards it will always give error beacuse 0 balance would be present and insuffiecient balance would come
Impact
mintBatch() function would failed because of above explaination, and due to which to mint multiple tokens for multiple work would not work
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L283-L289
Tool used
Manual Review
Recommendation
Avoid using msg.value should be in for loop.
Duplicate of #280