Sablier

DeFiFoundry
53,440 USDC
Submission Details
Severity: low
Invalid

Protocol isn't compatible with fee-on-transfer tokens.

Summary

Protocol isn't compatible with fee-on-transfer tokens.

Vulnerability Details

As the contest page highlights, the protocol is expected to be compatible with fee-on-transfer tokens as well:

Sablier protocol is compatible with the following:

- Any network which is EVM compatible
- Any ERC20 token

In the _create() function, createAmounts.deposit is transferred from msg.sender to address(this). Fee-on-transfer tokens such as PAXG and STA deduct a fee on every transfer, so the contract receives less than createAmounts.deposit. The recorded deposit therefore goes out of sync with the actual token balance of address(this), and the stream's accounting is invalid.

```solidity
function _create(LockupDynamic.CreateWithTimestamps memory params) internal returns (uint256 streamId) {
    ...
    ...
    // Effect: mint the NFT to the recipient.
    _mint({ to: params.recipient, tokenId: streamId });

    // Interaction: transfer the deposit amount.
    params.asset.safeTransferFrom({ from: msg.sender, to: address(this), value: createAmounts.deposit }); // @>
    // Interaction: pay the broker fee, if not zero.
    if (createAmounts.brokerFee > 0) {
        params.asset.safeTransferFrom({ from: msg.sender, to: params.broker.account, value: createAmounts.brokerFee }); // @>
    }
    ...
    ...
}
```

Impact

The accounting error described above will occur, and the other Sablier accounting functions operate on the inputted/recorded amounts. They do not query the token balance before or after receiving or sending, so they cannot correctly account for tokens whose balance changes on transfer (FoT).

Reference finding

https://www.codehawks.com/report/clsxlpte900074r5et7x6kh96#M-02

Tools Used

Manual Review

Recommendation

Sablier's accounting functions, which currently operate on inputted/recorded amounts, should query the token balance before and after receiving or sending so that tokens which deduct a fee on transfer (FoT) are accounted for correctly.
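To make the accounting mismatch in the Vulnerability Details and the balance-delta fix in the Recommendation concrete, here is an added example (not Sablier's code): a constructed fee-on-transfer token beside a minimal ledger that records deposits the trusting way and the measured way. It assumes OpenZeppelin Contracts v5 (the ERC20._update hook and SafeERC20); the contract names are invented.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Sablier's code: contrasts recording the requested
// deposit with recording the measured balance delta. Assumes OpenZeppelin
// Contracts v5 (ERC20._update hook, SafeERC20); contract names are invented.
import { ERC20 } from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Constructed fee-on-transfer token: burns 1% of every wallet-to-wallet transfer.
contract MockFeeToken is ERC20 {
    uint256 public constant FEE_BPS = 100;
    constructor() ERC20("MockFee", "MFEE") { _mint(msg.sender, 1_000_000e18); }

    function _update(address from, address to, uint256 value) internal override {
        bool mintOrBurn = from == address(0) || to == address(0);
        uint256 fee = mintOrBurn ? 0 : (value * FEE_BPS) / 10_000;
        if (fee > 0) super._update(from, address(0), fee); // the fee is burned
        super._update(from, to, value - fee);
    }
}

/// Minimal stream ledger showing the two accounting strategies side by side.
contract DepositLedger {
    using SafeERC20 for IERC20;

    mapping(uint256 => uint256) public deposited; // recorded deposit per stream
    uint256 public nextStreamId = 1;

    /// Vulnerable pattern (what the report describes): the ledger stores the
    /// requested amount even though fewer tokens actually arrived, so the sum
    /// of `deposited` exceeds the contract's real balance.
    function createTrusting(IERC20 asset, uint256 amount) external returns (uint256 streamId) {
        streamId = nextStreamId++;
        asset.safeTransferFrom(msg.sender, address(this), amount);
        deposited[streamId] = amount;
    }

    /// Hardened pattern (the Recommendation): measure the balance before and
    /// after the transfer and record only what was received.
    function createMeasured(IERC20 asset, uint256 amount) external returns (uint256 streamId) {
        streamId = nextStreamId++;
        uint256 before = asset.balanceOf(address(this));
        asset.safeTransferFrom(msg.sender, address(this), amount);
        uint256 received = asset.balanceOf(address(this)) - before;
        deposited[streamId] = received; // ledger stays in sync with the real balance
    }
}
```

Depositing through createTrusting with MockFeeToken leaves `deposited` 1% above what the contract holds, while createMeasured records the amount that actually arrived; a protocol that would rather not support such tokens can instead revert when `received != amount`.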

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

Known - Contest Details

https://www.codehawks.com/contests/clvb9njmy00012dqjyaavpl44
