search

sherlock-audit / 2024-08-flayer-judging

0 stars 0 forks source link

Bubbly Golden Hamster - The initializeCollection function cannot be used due to incorrect implementation logic #745

Open sherlock-admin4 opened 4 days ago

sherlock-admin4 commented 4 days ago

Bubbly Golden Hamster

Medium

The initializeCollection function cannot be used due to incorrect implementation logic

Summary

The initializeCollection function cannot be used due to incorrect implementation logic.

Vulnerability Detail

In the logic of the initializeCollection function, the used token will be returned.

        nativeToken.transfer(
            msg.sender,
            startBalance - nativeToken.balanceOf(address(this))
        );

However, there is a problem with the calculation logic. The function uses the logic of startBalance - nativeToken.balanceOf(address(this)). It is wrong to subtract the balance at the end from the balance at the beginning. This may result in a negative number and cause the transaction to be rolled back.

Impact

The initializeCollection function cannot be used.

Code Snippet

https://github.com/sherlock-audit/2024-08-flayer/blob/main/flayer/src/contracts/Locker.sol#L397

Tool used

Manual Review

Recommendation

Locker.sol

397L  -   startBalance - nativeToken.balanceOf(address(this));
397L  +  nativeToken.balanceOf(address(this)) - startBalance;