# 31479 - \[SC - High] alchemechNFT holder will get too little FLUX be...

Submitted on May 20th 2024 at 05:06:46 UTC by @Holterhus for [Boost | Alchemix](https://immunefi.com/bounty/alchemix-boost/)

Report ID: #31479

Report type: Smart Contract

Report severity: High

Target: <https://github.com/alchemix-finance/alchemix-v2-dao/blob/main/src/FluxToken.sol>

Impacts:

* Permanent freezing of unclaimed royalties

## Description

## Brief/Intro

When `alchemicNFT` holders claim FLUX, the amount to claim is calculated relative to the amount that Patron NFT holders claim, which dramatically underestimates the amount to claim.

## Vulnerability Details

When NFT holders claim FLUX, the calculated amount should either by multiplied by 0.4% (for Patron NFT holders) or 0.05% (for alchemicNFT holders).

However, in the implementation of `getClaimableFlux()`, we first multiply by 0.4% to get the Patron NFT holder amount. Then, if it's an Alchemic NFT holder, we multiply that resulting value by 0.05% to get the final amount.

The result is that Alchemic NFT holders receive 0.4% \* 0.05% = 0.0002% of the calculated amount, which is 250x less than they should.

## Impact Details

Alchemic NFT holders will receive 250x less FLUX than they should when claiming. This loss of FLUX amount is permanent and can't be fixed.

## References

`FluxToken.sol`

## Proof of Concept

The following test can be added to `FluxToken.t.sol`. It should return 0.05% of `500_000`, which would equal `250`, but instead returns `1`.

```solidity
function test_InflatedAlchemicNFTClaim() external {
    uint256 amount = 500_000;
    uint256 bptCalculation = flux.getClaimableFlux(amount, alchemechNFT);
    assertEq(bptCalculation, 1);
}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://reports.immunefi.com/alchemix/31479-sc-high-alchemechnft-holder-will-get-too-little-flux-be....md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.