Sablier

DeFiFoundry
53,440 USDC
Submission Details
Severity: low
Valid

A malicious user could claim airstreams on different chains

Summary

A malicious user could claim airstreams on different chains.

Vulnerability Details

A user who has a valid Merkle proof could claim the same streams created by a sender on different chains simultaneously. This is due to the lack of a chainId in the leaf hash:

bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(index, recipient, amount))));

If a stream sender decides to create a stream on multiple chains and proceeds to fund it on each of them, a malicious user who has already claimed their streams can also claim on all the other chains on which the stream was deployed.

Impact

The same stream can be claimed on multiple chains, as the protocol intends to deploy on all networks.

Tools Used

Manual Review

Recommendations

Add the chainId to the leaf hash so that a user can claim only on a particular chain and cannot game the entire system.

>>> bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(index, recipient, amount, chainId))));
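
A minimal claim contract built around the recommended leaf, as an added example that is not part of the submission or of Sablier's code. The contract name, the OpenZeppelin helpers, the parameter types, the direct token payout and the use of block.chainid as the chainId are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {MerkleProof} from "@openzeppelin/contracts/utils/cryptography/MerkleProof.sol";
import {BitMaps} from "@openzeppelin/contracts/utils/structs/BitMaps.sol";

/// Hypothetical claim contract (illustration only, not the audited code).
contract ChainBoundClaim {
    using SafeERC20 for IERC20;
    using BitMaps for BitMaps.BitMap;

    IERC20 public immutable TOKEN;
    bytes32 public immutable MERKLE_ROOT;
    BitMaps.BitMap private _claimed; // one bit per leaf index

    error AlreadyClaimed(uint256 index);
    error InvalidProof();

    event Claimed(uint256 indexed index, address indexed recipient, uint128 amount);

    constructor(IERC20 token, bytes32 merkleRoot) {
        TOKEN = token;
        MERKLE_ROOT = merkleRoot;
    }

    /// Leaf in the shape the report recommends. The chain ID is read from the
    /// execution environment (assumption) rather than supplied by the caller,
    /// so the same (index, recipient, amount) hashes differently on each chain.
    function leafFor(uint256 index, address recipient, uint128 amount) public view returns (bytes32) {
        return keccak256(bytes.concat(keccak256(abi.encode(index, recipient, amount, block.chainid))));
    }

    function claim(uint256 index, address recipient, uint128 amount, bytes32[] calldata proof) external {
        // Same-chain replay protection: each index can be claimed once.
        if (_claimed.get(index)) revert AlreadyClaimed(index);

        // Cross-chain replay protection: a proof built for another chain's
        // leaves does not verify against this chain's leaf.
        if (!MerkleProof.verify(proof, MERKLE_ROOT, leafFor(index, recipient, amount))) revert InvalidProof();

        _claimed.set(index); // state change before the external call
        TOKEN.safeTransfer(recipient, amount);
        emit Claimed(index, recipient, amount);
    }
}
```

With this leaf, the sender has to build a separate tree and root for each chain, because each chain's leaves hash a different chain ID.
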
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
okolicodes Submitter
about 1 year ago
inallhonesty Lead Judge
about 1 year ago
okolicodes Submitter
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Cross Chain Replay Attacks
