If the checkpoint is updated and the previous timestamp and current are the same (i.e they are within the same block) the index returned is incorrect.
Vulnerability Detail
The ProtectedListings::_createCheckpoint function updates the collectionCheckpoints mapping whenever a change in the number of listings occurs and returns the index at which the latest checkpoint is stored.
In the ProtectedListings::_createCheckpointfunction if the timestamp of a listing is the same as the previous one in the array the compoundedFactor of the previous checkpoint is changed and used as the updated checkpoint. However, the index is calculated as the length of the array which is incorrect.
Impact
The checkpoint index is incorrect and points to a non-existing array index, and since this is used in calculating the unlock price therefore the unlock price will also be incorrect.
heeze
Medium
Incorrect index of checkpoint
Summary
If the checkpoint is updated and the previous timestamp and current are the same (i.e they are within the same block) the index returned is incorrect.
Vulnerability Detail
The
ProtectedListings::_createCheckpointfunction updates thecollectionCheckpointsmapping whenever a change in the number of listings occurs and returns the index at which the latest checkpoint is stored. In theProtectedListings::_createCheckpointfunction if the timestamp of a listing is the same as the previous one in the array thecompoundedFactorof the previous checkpoint is changed and used as the updated checkpoint. However, the index is calculated as the length of the array which is incorrect.Impact
The checkpoint index is incorrect and points to a non-existing array index, and since this is used in calculating the unlock price therefore the unlock price will also be incorrect.
Code Snippet
In https://github.com/sherlock-audit/2024-08-flayer/blob/main/flayer/src/contracts/ProtectedListings.sol#L564-#L567
Tool used
Manual Review
Recommendation