Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

heeze - Incorrect index of checkpoint #785

Open
sherlock-admin4 opened this issue Sep 15, 2024 · 0 comments
Open

heeze - Incorrect index of checkpoint #785

sherlock-admin4 opened this issue Sep 15, 2024 · 0 comments

Comments

@sherlock-admin4
Copy link
Contributor

sherlock-admin4 commented Sep 15, 2024

heeze

Medium

Incorrect index of checkpoint

Summary

If the checkpoint is updated and the previous timestamp and current are the same (i.e they are within the same block) the index returned is incorrect.

Vulnerability Detail

The ProtectedListings::_createCheckpoint function updates the collectionCheckpoints mapping whenever a change in the number of listings occurs and returns the index at which the latest checkpoint is stored.
In the ProtectedListings::_createCheckpoint function if the timestamp of a listing is the same as the previous one in the array the compoundedFactor of the previous checkpoint is changed and used as the updated checkpoint. However, the index is calculated as the length of the array which is incorrect.

Impact

The checkpoint index is incorrect and points to a non-existing array index, and since this is used in calculating the unlock price therefore the unlock price will also be incorrect.

Code Snippet

In https://github.com/sherlock-audit/2024-08-flayer/blob/main/flayer/src/contracts/ProtectedListings.sol#L564-#L567

Tool used

Manual Review

Recommendation

@sherlock-admin2 sherlock-admin2 changed the title Bright Emerald Fish - Incorrect index of checkpoint heeze - Incorrect index of checkpoint Oct 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant