Sablier
DeFiFoundry
53,440 USDC
Submission Details
Severity: low
Invalid

Stream Creation Failure due to WETH transfer compatibility on some chains

Summary

The creation of streams using WETH as stream token will fail in some chains.

Vulnerability Details

Streams are created when _create is called in SablierV2LockupLinear.sol; the assets to be distributed over the lifetime of the stream are pulled into the contract as shown below:

// Interaction: transfer the deposit amount.
params.asset.safeTransferFrom({ from: msg.sender, to: address(this), value: createAmounts.deposit });

The method used is safeTransferFrom, which works fine on most chains, where the standard WETH9 contract handles the case src == msg.sender by skipping the allowance check:

WETH9.sol
// Only consume allowance when the caller is not the token owner (and the allowance is not unlimited).
if (src != msg.sender && allowance[src][msg.sender] != uint(-1)) {
    require(allowance[src][msg.sender] >= wad);
    allowance[src][msg.sender] -= wad;
}

The problem is that the WETH implementation on Blast uses a different contract and does not have this src == msg.sender handling.
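To make the msg.sender semantics concrete, the following constructed Python model (added here; it is not Sablier's or WETH9's code) reproduces the allowance branch quoted above in a WETH9-style token and in a stricter variant that always consumes allowance, and then replays the _create pull as the token contract sees it, with the Lockup contract as the caller. Account names and amounts are made up.

```python
"""Model of the two WETH transferFrom variants discussed above (constructed example)."""

MAX_UINT = 2**256 - 1  # uint(-1) in the WETH9 source


class WETH9Model:
    """Token whose transferFrom skips the allowance check when src == msg.sender (WETH9)
    or always enforces it (skip_self_allowance=False, the stricter Blast-style variant)."""

    def __init__(self, skip_self_allowance=True):
        self.balance = {}
        self.allowance = {}  # (owner, spender) -> remaining allowance
        self.skip_self_allowance = skip_self_allowance

    def deposit(self, who, wad):
        self.balance[who] = self.balance.get(who, 0) + wad

    def approve(self, owner, spender, wad):
        self.allowance[(owner, spender)] = wad

    def transfer_from(self, msg_sender, src, dst, wad):
        """Mirrors: if (src != msg.sender && allowance[src][msg.sender] != uint(-1)) {...}"""
        if self.balance.get(src, 0) < wad:
            raise ValueError("insufficient balance")
        needs_allowance = (not self.skip_self_allowance) or src != msg_sender
        remaining = self.allowance.get((src, msg_sender), 0)
        if needs_allowance and remaining != MAX_UINT:
            if remaining < wad:
                raise ValueError("insufficient allowance")
            self.allowance[(src, msg_sender)] = remaining - wad
        self.balance[src] -= wad
        self.balance[dst] = self.balance.get(dst, 0) + wad
        return True


def pull_succeeds(skip_self_allowance, approved):
    """Replay asset.safeTransferFrom(msg.sender, address(this), deposit) from _create.
    The Lockup contract is the one calling transferFrom, so the token sees msg.sender == lockup."""
    token = WETH9Model(skip_self_allowance)
    token.deposit("alice", 10)  # constructed: alice holds 10 WETH
    if approved:
        token.approve("alice", "lockup", 10)
    try:
        return token.transfer_from(msg_sender="lockup", src="alice", dst="lockup", wad=10)
    except ValueError:
        return False


def direct_transfer_succeeds(skip_self_allowance):
    """A holder calling transferFrom on her own balance: only WETH9 lets this through unapproved."""
    token = WETH9Model(skip_self_allowance)
    token.deposit("alice", 5)
    try:
        return token.transfer_from(msg_sender="alice", src="alice", dst="bob", wad=5)
    except ValueError:
        return False
```

Running pull_succeeds for both variants with and without an approval shows which approval state the deposit pull depends on when a contract, rather than the holder, is the caller.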
According to the documentation, normal ERC20 tokens are supported across all chains, and WETH is a very popular ERC20 token. The protocol prohibits the use of Ether, not WETH, and intends to deploy on all chains.
As can be seen in the docs below:

Sablier protocol is compatible with the following:
Any network which is EVM compatible,
Any ERC20 token
It's not compatible with:
Any network which is not EVM compatible,
Any token standard other than ERC20,
Rebased ERC20 tokens can be used but yield will be lost,
Ether (ETH)

Impact

Without an approval allowing SablierV2LockupLinear.sol to spend WETH, the protocol will be unable to create WETH streams on multiple chains such as Blast.

Tools Used

Manual review

Recommendations

To address this issue, it is recommended to modify SablierV2LockupLinear.sol and the other stream-creating contracts as follows:

// Interaction: transfer the deposit amount.
--- params.asset.safeTransferFrom({ from: msg.sender, to: address(this), value: createAmounts.deposit });
+++ params.asset.safeTransfer({ to: address(this), value: createAmounts.deposit });
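Review bot: the replacement line moves the contract's own balance to itself (safeTransfer sends from address(this) to address(this)), so the creator's deposit never enters the contract and the stream would be funded with nothing; the from: msg.sender pull on the removed line is what actually collects the deposit and has to stay. Also, in the WETH9 branch quoted above, msg.sender is whoever calls transferFrom on the token, which for this pull is the Sablier contract rather than the stream creator, so the src == msg.sender shortcut does not apply to this call on either WETH variant and an approval is required in both cases.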

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Info/Gas/Invalid as per Docs

https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity
