cducrest-brainbot - ERC2981 royalties discrepancy with strategy #144
Labels
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
cducrest-brainbot
medium
ERC2981 royalties discrepancy with strategy
Summary
In Edition.sol, the functions that set the value of works[tokenId].strategy (which includes works[tokenId].strategy.royaltyBps) do not set ERC2981's internal token royalty value.

Vulnerability Detail
The function setFeeStrategy() sets the public mapping value works[tokenId_].strategy, which may update the royaltyBps value, but it does not call _setTokenRoyalty(...) (see the Edition.sol link under Code Snippet below).

Similarly, the publish() function that creates a new work sets the strategy but does not call _setTokenRoyalty() (see the second Edition.sol link under Code Snippet below).

This latter case may be less of a problem, since TitlesCore calls edition_.setRoyaltyTarget() right after publishing a new work. However, it remains a problem if publishers are expected to interact directly with Edition and not only through TitlesCore.
Impact
The value returned by works[tokenId].strategy.royaltyBps and the value returned by ERC2981.royaltyInfo(tokenId, salePrice) will not be coherent. Users may expect to set a certain royalty bps while the ERC2981 value is not updated. Core values used for royalty payments may become incorrect after updates.

Code Snippet
https://github.com/vectorized/solady/blob/main/src/tokens/ERC2981.sol
https://github.com/sherlock-audit/2024-04-titles/blob/d7f60952df22da00b772db5d3a8272a988546089/wallflower-contract-v2/src/editions/Edition.sol#L368-L371
https://github.com/sherlock-audit/2024-04-titles/blob/d7f60952df22da00b772db5d3a8272a988546089/wallflower-contract-v2/src/editions/Edition.sol#L121
Tool used
Manual Review
Recommendation
Call
_setTokenRoyalty(tokenId, FeeManager.feeReceiver(address(this), tokenId), works[tokenId].strategy.royaltyBps);
at the end of setFeeStrategy().