In a linear stream, `SablierV2NFTDescriptor::calculateStreamedPercentage()` will always return a zero value while streamedAmount * 10000 < depositedAmount
Summary
Vulnerability Details
When a sender creates a linear stream, a Sablier NFT is minted to the recipient as an authority over the funds to be distributed in the stream. This NFT has various properties many of which are visualized on the front end but the nexus of this finding is the streamed percentage.
The streamed percentage is an indication of how much of the total deposited amount by the sender has been streamed to the receiver. Here's how it is calculated:
This calculation is not expected to overflow which is why the unchecked blocked was used, yet the function is exposed to PRECISION LOSS. Well, when streamed amount * 10000 < deposited amount, the result will always be 0. This is common among per-second streams like Linear streams.
Impact
Likelihood: High
Impact: Low
Severity: Medium
The impact of this is that the rendered visual details of the stream on the front end and the details returned when this function is called on the smart contract level while the aforementioned condition persists will be incorrect.
Tools Used
Manual Review
Recommendations
Use the PrbMath for such calculation. It handles precision loss well and can help resolve this.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.