Some IERC20 implementations, such as those for UNI and COMP tokens, may revert transactions if the transferred value exceeds uint96. This report identifies instances in the SablierV2 contracts where large transfers using the safeTransfer function could potentially fail due to this issue.
Certain ERC20 tokens have non-standard implementations that can cause failures for large transfers. Specifically, if the value being transferred exceeds the uint96 limit, the transfer may revert. This issue is relevant in the following instances within the SablierV2 contracts:
https://github.com/Cyfrin/2024-05-Sablier/tree/main/v2-core/src/abstracts/SablierV2Lockup.sol
https://github.com/Cyfrin/2024-05-Sablier/tree/main/v2-periphery/src/SablierV2BatchLockup.sol
The impact of this vulnerability is significant, as it could prevent large transfers of tokens for certain ERC20 implementations. This could disrupt the functionality of the SablierV2 contracts, particularly for high-value transactions, leading to failed transfers and potential loss of user trust.
Manual code review
Validate token compatibility: Before performing large transfers, check the token's implementation to ensure it supports large transfers without reverting.
Use smaller transfer amounts: Where feasible, split large transfers into smaller transactions that fall within the uint96 limit.
Implement a transfer wrapper: Create a wrapper function that handles large transfers by splitting them into smaller chunks if necessary, ensuring compatibility with tokens that have uint96 limitations.
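As an added example (not part of the finding or of the Sablier code base), the following library shows the two mitigations above in working Solidity: an up-front bound check that fails with a descriptive error, and a wrapper that splits a transfer into chunks no larger than type(uint96).max. The library name, the error name and the OpenZeppelin import paths are assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.22;

// Added example, not Sablier code. Import paths assume OpenZeppelin Contracts v5.
import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// @notice Helpers for tokens whose transfer() caps its amount argument at uint96.
library Uint96SafeTransfer {
    using SafeERC20 for IERC20;

    /// @dev Largest value such tokens accept as a transfer amount.
    uint256 internal constant MAX_UINT96 = type(uint96).max;

    /// @dev Raised instead of the token's opaque revert when an amount cannot fit in uint96.
    error AmountExceedsUint96(uint256 amount);

    /// @notice Mitigation 1: validate before transferring, so the caller gets a clear
    /// reason rather than a generic revert bubbling up from the token.
    function checkFitsUint96(uint256 amount) internal pure {
        if (amount > MAX_UINT96) revert AmountExceedsUint96(amount);
    }

    /// @notice Mitigation 2/3: transfer `amount` to `to` in chunks of at most
    /// type(uint96).max, using SafeERC20 so non-boolean-returning tokens are handled too.
    function safeTransferChunked(IERC20 token, address to, uint256 amount) internal {
        uint256 remaining = amount;
        while (remaining > 0) {
            uint256 chunk = remaining > MAX_UINT96 ? MAX_UINT96 : remaining;
            token.safeTransfer(to, chunk);
            // Underflow is impossible: chunk <= remaining by construction.
            remaining -= chunk;
        }
    }
}

/// @notice Minimal caller illustrating how a stream contract could use the library.
contract ChunkedWithdrawExample {
    using Uint96SafeTransfer for IERC20;

    /// @dev Fails fast for tokens known to cap at uint96; assumes the caller has
    /// already performed its own accounting and authorization checks.
    function withdrawStrict(IERC20 token, address to, uint256 amount) external {
        Uint96SafeTransfer.checkFitsUint96(amount);
        SafeERC20.safeTransfer(token, to, amount);
    }

    /// @dev Splits the transfer instead of rejecting it.
    function withdrawChunked(IERC20 token, address to, uint256 amount) external {
        token.safeTransferChunked(to, amount);
    }
}
```

One caveat worth keeping in mind when choosing between the two: chunking only helps where the token's balances can actually hold more than uint96. Tokens such as UNI store balances as uint96 as well, so an amount above that bound exceeds any balance the sender could hold and the later chunks would still revert for insufficient balance; for those tokens the early bound check gives the clearer failure, while chunking is the better fit for tokens that narrow only the transfer argument.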