User can get charged fees 2 times in the future
Summary
Currently the Sablier protocol takes exactly 0% in fees. All fees go to brokers and they can be up to 10%. To note here is that sablier does not charge anything as of right now and fees on the side of Sablier can be introduced in the future. Their documentation explicitly uses the word "currently" when it comes to describing their fees which means that there is potential for fees to be introduced in the future.
Link to their docs:
https://docs.sablier.com/concepts/protocol/fees
Vulnerability Details
A broker can have a maxed out fee at 10% and with the potential introduction of Sablier fees then a user can end up paying up to 20% in fees (assuming that the limit is the same for Sablier fees). The potential for double taxation is not clear and a user may end up paying a lot more than they were expecting.
Impact
Up to 20% of the amount the user provided is used to cover fees which can be more than the user was anticipating.
Tools Used
Manual Review
Recommendations
If fees are introduced on the side of sablier make it so that the broker and sablier have a combined limit of 10%. Eg: broker 7% sablier 3%.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.