utsav - Locker:initializeCollection() will revert due to arithmetic underflow

[sherlock-admin4]

utsav

Medium

Locker:initializeCollection() will revert due to arithmetic underflow

Summary

Locker:initializeCollection() will revert due to arithmetic underflow

Vulnerability Detail

Locker:initializeCollection() refund any unused relative token to the user, but the problem is instead of writing finalBalance - startBalance, it uses startBalance - finalBalance

    function initializeCollection(address _collection, uint _eth, uint[] calldata _tokenIds, uint _tokenSlippage, uint160 _sqrtPriceX96) public virtual whenNotPaused collectionExists(_collection) {
//
        // Refund any unused relative token to the user
        nativeToken.transfer(
            msg.sender,
>           startBalance - nativeToken.balanceOf(address(this))
        );
    }

if there is any refund, it will revert the transaction due to arithmetic underflow

Impact

initializeCollection() will be DoSed

Code Snippet

https://github.com/sherlock-audit/2024-08-flayer/blob/main/flayer/src/contracts/Locker.sol#L394C3-L398C11

Tool used

Manual Review

Recommendation

Subtract finalBalance - startBalance