Sablier

DeFiFoundry
53,440 USDC
Submission Details
Severity: low
Invalid

Funds get locked inside the contract when a user is blacklisted by tokens like USDC

Summary

When a user is blacklisted by a token like USDC, funds can get locked inside the contract, as there is no function to withdraw these locked funds.

Vulnerability Details

If a stream is non-transferable and non-cancelable, and a user involved in the stream is blacklisted, the funds will be locked in the contract forever. This situation arises because the contract lacks a mechanism to withdraw or reclaim these locked funds when a user is blacklisted.

Impact

  • Permanent Fund Lock: Funds are permanently locked in the contract, making them irretrievable.

  • Financial Loss: The inability to recover these funds can lead to significant financial loss for the contract owner or users.

Tools Used

Manual Review

Recommendations

  1. Implement a Withdrawal Mechanism

  2. Check for Blacklisted Users: Before creating a stream or transferring funds, ensure that the user is not blacklisted by the token contract. This can be achieved by integrating checks within the contract.

By implementing these recommendations, the contract can handle cases where users are blacklisted and ensure that funds are not irretrievably locked.
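
One way the check in recommendation 2 could look, as an added example that is not part of the submission and not Sablier code. The BlacklistGuard library and its function names are hypothetical; isBlacklisted(address) is the view function on Circle's FiatToken (USDC), and other tokens may expose a different query or none.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Blacklist query as exposed by Circle's FiatToken (USDC).
interface IBlacklistable {
    function isBlacklisted(address account) external view returns (bool);
}

/// Hypothetical helper (assumption, not Sablier code): call before funding a stream.
library BlacklistGuard {
    error PartyBlacklisted(address token, address account);

    /// True only when the token answers the query and reports a hit.
    /// Uses a low-level staticcall so tokens without the function do not
    /// make stream creation revert.
    function isBlocked(address token, address account) internal view returns (bool) {
        (bool ok, bytes memory ret) = token.staticcall(
            abi.encodeCall(IBlacklistable.isBlacklisted, (account))
        );
        // Missing function, revert, or malformed return data: status unknown,
        // so the guard does not block.
        if (!ok || ret.length != 32) return false;
        // Decode as uint256 so a non-canonical bool cannot revert the decode.
        return abi.decode(ret, (uint256)) != 0;
    }

    /// Reverts if either party is blacklisted at the time of the call.
    /// This is a point-in-time check: an address blacklisted after the stream
    /// is created is not covered by it.
    function requireNotBlocked(address token, address sender, address recipient)
        internal
        view
    {
        if (isBlocked(token, sender)) revert PartyBlacklisted(token, sender);
        if (isBlocked(token, recipient)) revert PartyBlacklisted(token, recipient);
    }
}
```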

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Info/Gas/Invalid as per Docs

https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity
