Sablier

DeFiFoundry
53,440 USDC
Submission Details
Severity: low
Invalid

When creating a lockup, should check that the sender does not equal the recipient

Summary

Sablier is a protocol which allows senders to send money like a stream to a recipient. Once the sender is the recipient,
the lockup makes no sense, so it should check that the sender does not equal the recipient when creating a lockup.

Vulnerability Details

Take SablierV2LockupDynamic for example: when creating a Sablier lockup, only the broker fee is checked and the amounts are calculated.
That the sender equals the recipient is not checked, so the sender can send money to himself, which is meaningless.

    function _create(LockupDynamic.CreateWithTimestamps memory params) internal returns (uint256 streamId) {
        // Check: verify the broker fee and calculate the amounts.
    @>  Lockup.CreateAmounts memory createAmounts =
            Helpers.checkAndCalculateBrokerFee(params.totalAmount, params.broker.fee, MAX_BROKER_FEE);
        // Check: validate the user-provided parameters.
    @>  Helpers.checkCreateLockupDynamic(createAmounts.deposit, params.segments, MAX_SEGMENT_COUNT, params.startTime);

Impact

It is possible for the sender to send money to himself, which is meaningless.

Tools Used

Manual

Recommendation

Should require that the sender does not equal the recipient when creating a lockup.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Info/Gas/Invalid as per Docs

https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity
