Locker:initializeCollection() will revert due to arithmetic underflow
Summary
Locker:initializeCollection() will revert due to arithmetic underflow
Vulnerability Detail
Locker:initializeCollection() refund any unused relative token to the user, but the problem is instead of writing finalBalance - startBalance, it uses startBalance - finalBalance
function initializeCollection(address _collection, uint _eth, uint[] calldata _tokenIds, uint _tokenSlippage, uint160 _sqrtPriceX96) public virtual whenNotPaused collectionExists(_collection) {
//
// Refund any unused relative token to the user
nativeToken.transfer(
msg.sender,
> startBalance - nativeToken.balanceOf(address(this))
);
}
if there is any refund, it will revert the transaction due to arithmetic underflow
utsav
Medium
Locker:initializeCollection() will revert due to arithmetic underflow
Summary
Locker:initializeCollection() will revert due to arithmetic underflow
Vulnerability Detail
Locker:initializeCollection() refund any unused relative token to the user, but the problem is instead of writing
finalBalance - startBalance, it usesstartBalance - finalBalanceif there is any refund, it will revert the transaction due to arithmetic underflow
Impact
initializeCollection() will be DoSed
Code Snippet
https://github.com/sherlock-audit/2024-08-flayer/blob/main/flayer/src/contracts/Locker.sol#L394C3-L398C11
Tool used
Manual Review
Recommendation
Subtract finalBalance - startBalance