SablierV2LockupTranched : `_calculateStreamedAmount` did not check whether the first tranche's full time is passed or not
Summary
_calculateStreamedAmount is return full amount for first tranche even if its full time is passed.
Vulnerability Details
The function is _calculateStreamedAmount is used inside the SablierV2Lockup contract for accounting purpose.
The function does the following actions.
Step 1: Get the current block timestamp.
Step 2: Retrieve the tranches for the stream.
Step 3: If the first tranche's timestamp is in the future, return 0.
Step 4: If the stream's end time is in the past or present, return the total deposited amount.
Step 5: Sum the amounts of all tranches with timestamps in the past or present.
Step 6: Return the summed amount as the total vested amount.
For first tranche, it checks if the end time of the tranche is in future, it breaks. But the the tranche amount is already counted.
SablierV2LockupTranched.sol#L200-L210
Impact
Even if the first tranche is not fully passed, calling this function in the halfway will return the first tranche's full amount.
It would be something, like, an employee earn their first month salary at the first day itself.
Tools Used
Manual review.
Recommendations
Other stream such as linear has this protection where it counts only the time elapsed duration.
We would have check to ensure whether the first tranche is fully passed in this case.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.