Sablier

Sablier
DeFiFoundry
53,440 USDC
View results
Submission Details
Severity: low
Invalid

Lockups will not work with fee on transfer tokens

Summary

Lockups will not work with fee on transfer tokens

Vulnerability Details

In the documentation it is written that any ERC-20 token can be streamed on Sablier. However, lockups will not work with fee on transfer tokens.

When creating a stream, the deposited amount is stored in a struct, which will be used later when recipient withdraws. The problem is, the function safeTransferFrom may not transfer the given amount of tokens, because there would be fees, meaning less amount will be transfered to the contract.
This difference will be compensated by the money of the other streams, but when the last stream is withdrawn, there will not be enough money for it and part of its money will be stuck in the contract.

NOTE: This applies to all types of streams.

Impact

Stuck of funds

Tools Used

Manual Review

Recommendations

It is recommended to get the contract balance before and after the safeTransferFrom to see how much tokens were received, and save this amount in the struct.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

Known - Contest Details

https://www.codehawks.com/contests/clvb9njmy00012dqjyaavpl44

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.