The SablierV2 contracts allow certain state variables to be set without limits, so unreasonable or harmful values can be assigned. This report highlights the specific instances where this occurs and provides recommendations for mitigating the risk.
Several instances were identified in the SablierV2 contracts where state variables are set without imposing limits. These instances are as follows:
https://github.com/Cyfrin/2024-05-Sablier/tree/main/v2-core/src/SablierV2LockupDynamic.sol#L71
https://github.com/Cyfrin/2024-05-Sablier/tree/main/v2-core/src/SablierV2LockupTranched.sol#L66
https://github.com/Cyfrin/2024-05-Sablier/tree/main/v2-core/src/abstracts/SablierV2Lockup.sol#L589
https://github.com/Cyfrin/2024-05-Sablier/tree/main/v2-core/src/libraries/Helpers.sol#L101
Without proper limits, these variables can be set to extremely high or low values, leading to potential overflows, excessive gas costs, or other unintended behaviors that can compromise the contract’s functionality and security.
Manual code review
Implement Limits: Enforce reasonable limits when setting state variables to ensure they remain within acceptable ranges. For example:
Validation Functions: Create validation functions that check the values before they are assigned to state variables.
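As an added illustration of the two recommendations above (this is not Sablier's code; the contract, variable names and ceiling values are hypothetical), a Solidity snippet that validates both a constructor-set immutable and an admin-settable variable against documented bounds before assignment:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity >=0.8.22;

/// @notice Hypothetical validation library; names and bounds are illustrative only.
library Bounds {
    error ValueOutOfRange(string name, uint256 value, uint256 min, uint256 max);

    /// @dev Reverts with a descriptive error unless min <= value <= max.
    function checkRange(string memory name, uint256 value, uint256 min, uint256 max) internal pure {
        if (value < min || value > max) {
            revert ValueOutOfRange(name, value, min, max);
        }
    }
}

/// @notice Illustrative contract: the immutable set once in the constructor and the
/// admin-settable variable are both checked against hard ceilings before assignment.
contract BoundedConfig {
    error Unauthorized();

    // Hard ceilings fixed at design time (hypothetical values).
    uint256 public constant MAX_SEGMENT_COUNT_CEILING = 10_000;
    uint40 public constant MAX_DURATION_CEILING = 100 * 365 days;

    uint256 public immutable MAX_SEGMENT_COUNT;
    uint40 public maxStreamDuration;
    address public admin;

    event MaxStreamDurationSet(uint40 oldValue, uint40 newValue);

    constructor(address initialAdmin, uint256 maxSegmentCount, uint40 initialMaxDuration) {
        // Validate before assigning: without this, zero or an absurdly large value is accepted silently.
        Bounds.checkRange("maxSegmentCount", maxSegmentCount, 1, MAX_SEGMENT_COUNT_CEILING);
        Bounds.checkRange("maxStreamDuration", initialMaxDuration, 1, MAX_DURATION_CEILING);
        admin = initialAdmin;
        MAX_SEGMENT_COUNT = maxSegmentCount;
        maxStreamDuration = initialMaxDuration;
    }

    /// @notice Admin-only setter; the same check guards every later update, not just deployment.
    function setMaxStreamDuration(uint40 newValue) external {
        if (msg.sender != admin) revert Unauthorized();
        Bounds.checkRange("maxStreamDuration", newValue, 1, MAX_DURATION_CEILING);
        emit MaxStreamDurationSet(maxStreamDuration, newValue);
        maxStreamDuration = newValue;
    }
}
```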