Because of Blacklisted user from tokens like USDC funds get locked inside the contract
Summary
Due to blacklisted users from tokens like USDC, funds can get locked inside the contract as there is no function to withdraw these locked funds.
Vulnerability Details
If a stream is non-transferable and non-cancelable, and a user involved in the stream is blacklisted, the funds will be locked in the contract forever. This situation arises because the contract lacks a mechanism to withdraw or reclaim these locked funds when a user is blacklisted.
Impact
Permanent Fund Lock: Funds are permanently locked in the contract, making them irretrievable.
Financial Loss: The inability to recover these funds can lead to significant financial loss for the contract owner or users.
Tools Used
Manual Review
Recommendations
Implement a Withdrawal Mechanism
Check for Blacklisted Users: Before creating a stream or transferring funds, ensure that the user is not blacklisted by the token contract. This can be achieved by integrating checks within the contract.
By implementing these recommendations, the contract can handle cases where users are blacklisted and ensure that funds are not irretrievably locked.
Lead Judging Commences
Info/Gas/Invalid as per Docs
https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.