Sablier

DeFiFoundry
53,440 USDC
Submission Details
Severity: high
Invalid

A griefing attack could be carried out on the protocol through unbounded arrays in functions.

Summary

A griefing attack could be carried out on the protocol through unbounded arrays in functions.

Vulnerability Details

In the SablierV2Lockup.sol contract, the functions function cancelMultiple(uint256[] calldata streamIds) external and function withdrawMultiple(uint256[] calldata streamIds, uint128[] calldata amounts) carry out batch cancellation and batch withdrawal, respectively, from user-provided params. The functions cancelMultiple and withdrawMultiple both use an unbounded loop, which iterates over the arrays passed to their respective functions. A malicious actor could keep passing large volumes of data to cause the consumed gas to exceed even the block gas limit and cause the transaction to fail every time, thereby griefing the protocol. If the array size grows large enough, a call to either function would be prohibitively expensive and would not fit in a block.

Impact

The impact is High and the likelihood is also high, as it is a permissionless protocol with functions that accept user-defined parameter arrays, which makes them accessible to malicious actors as well.

Tools Used

Manual review

Recommendations

The protocol admin needs to define bounds for these tainted array variables, as this would ensure that a large set of data is not looped over at one time, which could cause the call to exceed the block gas limit.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
