`_checkTranches` will revert when operating with more complex numbers
Summary
In manual tranche stream creation (with broker fee), it is possible that some specific tranche deposits would be impossible to craft due to _checkTranches reverting.
Vulnerability Details
Imagine the following: stream sender has 200 tokens (with 18 decimals so 200e18) to stream to recipient via 2 equivalent tranches (100, 100), broker is also involved, brokerFee = 10%. According to the natspec, the stream creator is responsible for accounting for all due sums in the params.totalAmount (tranche amounts sum + broker fee). If the sender intends to stream 200e18 (after fee) then we calculate the params.totalAmount (before fee) as 200e18 / (1 - brokerFee) = 222,222222e18. With this input, checkAndCalculateBrokerFee will calculate createAmounts.deposit as 222,222222e18 - 222,222222e18 * brokerFee = 199,999998e18. This amount is further checked in Helpers._checkTranches and will cause a revert since it does not amount to the intended 200 tokens stream.
Sender would be unable to stream their initially intended (and presumably owed to recipient) 200 token amount with the given parameters.
Impact
Unexpected behavior, broken core functionality
Tools Used
Manual Review
Recommendations
Instead of reverting the transaction, cover the difference between depositAmount and trancheAmountSum from the brokerFee when handling periodic numbers.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.