Sablier

DeFiFoundry
53,440 USDC
Submission Details
Severity: medium
Invalid

Implementations of `createWithDurations()` never set the end durations

Summary

Generally, all `createWithDurations()` functions are used to create a stream by setting the start time to `block.timestamp`, and the end time to the sum of `block.timestamp` and all specified time durations. The segment timestamps are derived from these durations. The stream is then funded by `msg.sender` and is wrapped in an ERC-721 NFT.

The problem, however, is that implementations of `createWithDurations()` never seem to set the end duration, as the docs hint should be done.

Vulnerability Details

For example, take a look at this implementation in `SablierV2LockupDynamic`: https://github.com/Cyfrin/2024-05-Sablier/blob/43d7e752a68bba2a1d73d3d6466c3059079ed0c6/v2-core/src/SablierV2LockupDynamic.sol#L138-L162

```solidity
function createWithDurations(LockupDynamic.CreateWithDurations calldata params)
    external
    override
    noDelegateCall
    returns (uint256 streamId)
{
    // Generate the canonical segments.
    LockupDynamic.Segment[] memory segments = Helpers.calculateSegmentTimestamps(params.segments);

    // Checks, Effects and Interactions: create the stream.
    streamId = _create(
        LockupDynamic.CreateWithTimestamps({
            sender: params.sender,
            recipient: params.recipient,
            totalAmount: params.totalAmount,
            asset: params.asset,
            cancelable: params.cancelable,
            transferable: params.transferable,
            startTime: uint40(block.timestamp),
            segments: segments,
            broker: params.broker
        })
    );
}
```

Evidently, this function does everything it's expected to do as hinted, aside from setting the end duration.

NB: This is also applicable to all subtle wrappers that create these streams without setting a valid end duration, as in `SablierV2LockupDynamic#createWithDurations()`.

Impact

Streams are created without specifying the end duration.

Tools Used

Manual review

Recommendations

Consider creating the streams while correctly setting the end duration.

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
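
The derivation described in the Summary (segment timestamps derived from the durations, end time equal to the start time plus the sum of all durations), as an added Python model that is not part of the submission or of Sablier's code. The function name, the positive-duration rule, the uint40 bound check and the sample values are assumptions made for illustration.

```python
UINT40_MAX = 2**40 - 1  # the snippet above casts the start time to uint40


def derive_timestamps(start_time, durations):
    """Model (assumption, not Sablier code): turn per-segment durations into
    absolute segment timestamps and return (timestamps, end_time)."""
    if not durations:
        raise ValueError("at least one segment duration is required")

    timestamps = []
    cursor = start_time
    for index, duration in enumerate(durations):
        # Assumed rule: a non-positive duration would break strict ordering.
        if duration <= 0:
            raise ValueError(f"segment {index}: duration must be positive")
        cursor += duration
        # Assumed rule: reject values that no longer fit in a uint40.
        if cursor > UINT40_MAX:
            raise OverflowError(f"segment {index}: timestamp exceeds uint40")
        timestamps.append(cursor)

    # The last cumulative timestamp is start + sum(durations), i.e. the
    # end time as the Summary defines it.
    end_time = timestamps[-1]
    return timestamps, end_time


if __name__ == "__main__":
    # Constructed sample: start time and three durations (1 hour, 1 day, 1 week).
    start = 1_716_000_000
    stamps, end = derive_timestamps(start, [3_600, 86_400, 604_800])
    print("segment timestamps:", stamps)
    print("end time:", end)
```

When reviewing a duration-based wrapper, the property to check is whether the value it ends up using as the end time matches `start + sum(durations)` for the segments it was given.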
