Sablier

DeFiFoundry
53,440 USDC
Submission Details
Severity: low
Invalid

Missing a check for tranchesWithPercentages.duration can create a useless SablierV2MerkleLT contract

Summary

The createMerkleLT function lacks checks to ensure that tranchesWithPercentages.duration is not zero and that tranchesWithPercentages.length is greater than 0.
If tranches.length is zero or tranchesWithPercentages.duration is zero, it becomes impossible to create the stream, as verified by the following checks:
checkCreateLockupTranched
_checkTranches

This can lead to the creation of a non-functional SablierV2MerkleLT contract.
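
Why an empty tranche list or a zero duration leaves the deployed campaign unable to create streams, shown as an added Python example (not code from the submission or from Sablier). It assumes that tranche timestamps are derived by accumulating durations from the stream start time and that the checks named above reject an empty list and any timestamp that is not strictly later than the previous one. `Tranche`, `tranche_timestamps` and `preflight` are hypothetical names, and the sample values are constructed.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Tranche:
    unlock_percentage: int  # raw value, carried through but not validated here
    duration: int           # seconds after the previous tranche


def tranche_timestamps(start_time: int, tranches: List[Tranche]) -> List[int]:
    """Unlock times obtained by accumulating durations from start_time (assumed derivation)."""
    timestamps, current = [], start_time
    for tranche in tranches:
        current += tranche.duration
        timestamps.append(current)
    return timestamps


def preflight(start_time: int, tranches: List[Tranche]) -> List[str]:
    """Return the reasons stream creation would be rejected; an empty list means none found."""
    if not tranches:
        return ["no tranches: the tranche count must be greater than zero"]
    problems, previous = [], start_time
    for index, timestamp in enumerate(tranche_timestamps(start_time, tranches)):
        # Assumed rule: every timestamp must be strictly later than the one before it
        # (the start time for the first tranche). A zero duration makes them equal.
        if timestamp <= previous:
            problems.append(f"tranche {index}: timestamp {timestamp} is not after {previous}")
        previous = timestamp
    return problems


if __name__ == "__main__":
    start = 1_700_000_000  # constructed sample start time
    campaigns = {          # constructed sample campaigns
        "valid": [Tranche(25, 3600), Tranche(75, 7200)],
        "empty": [],
        "zero duration": [Tranche(50, 3600), Tranche(50, 0)],
    }
    for name, tranches in campaigns.items():
        print(name, "->", preflight(start, tranches) or "ok")
```

Running the same check off-chain before calling createMerkleLT catches both cases without relying on the factory to revert.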

Vulnerability Details

https://github.com/Cyfrin/2024-05-Sablier/blob/main/v2-periphery/src/SablierV2MerkleLockupFactory.sol#L61

function createMerkleLT(
    MerkleLockup.ConstructorParams memory baseParams,
    ISablierV2LockupTranched lockupTranched,
    MerkleLT.TrancheWithPercentage[] memory tranchesWithPercentages,
    uint256 aggregateAmount,
    uint256 recipientCount
)
    external
    returns (ISablierV2MerkleLT merkleLT)
{
    // Calculate the sum of percentages and durations across all tranches.
    uint64 totalPercentage;
    uint256 totalDuration; // @audit require tranchesWithPercentages.length > 0
    for (uint256 i = 0; i < tranchesWithPercentages.length; ++i) {
        uint64 percentage = tranchesWithPercentages[i].unlockPercentage.unwrap();
        totalPercentage = totalPercentage + percentage;
        unchecked {
            // Safe to use `unchecked` because its only used in the event.
            totalDuration += tranchesWithPercentages[i].duration; // @audit require .duration > 0 ?
        }
    }
    ..
}

Impact

This can lead to the creation of a non-functional SablierV2MerkleLT contract.

Tools Used

Manual

Recommendations

It's recommended to add validation for the duration when creating the MerkleLT contract.

function createMerkleLT(
MerkleLockup.ConstructorParams memory baseParams,
ISablierV2LockupTranched lockupTranched,
MerkleLT.TrancheWithPercentage[] memory tranchesWithPercentages,
uint256 aggregateAmount,
uint256 recipientCount
)
external
returns (ISablierV2MerkleLT merkleLT)
{
// Calculate the sum of percentages and durations across all tranches.
uint64 totalPercentage;
uint256 totalDuration;
+ require(tranchesWithPercentages.length > 0);
for (uint256 i = 0; i < tranchesWithPercentages.length; ++i) {
uint64 percentage = tranchesWithPercentages[i].unlockPercentage.unwrap();
totalPercentage = totalPercentage + percentage;
+ require(tranchesWithPercentages[i].duration > 0);
unchecked {
// Safe to use `unchecked` because its only used in the event.
totalDuration += tranchesWithPercentages[i].duration;
}
}
...
}
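
Review bot: both added `require` lines, the length check before the loop and the per-tranche `duration > 0` check inside it, revert without a reason string or custom error, so a caller who passes an empty array or a zero duration gets an opaque failure. Give each check its own error so the two cases can be told apart. The duration check also sits after `totalPercentage` has been updated; moving it to the first statement of the loop body keeps all validation ahead of the accumulation and makes the intent easier to read.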

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Info/Gas/Invalid as per Docs

https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity
