Fjord Token Staking

Summary

https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordStaking.sol

The onStreamCanceled function in the provided code snippet contains a vulnerability related to invalid streamId values, which may cause the function to revert with StreamOwnerNotFound() if the stream owner is not found.

Vulnerability Details

Issue: The function fetches the owner of a stream using _streamIDOwners[streamId]. If this lookup returns address(0), indicating no owner is associated with the given streamId, the function reverts with StreamOwnerNotFound().

Cause: The issue arises if streamId is invalid, incorrectly managed, or if there is a problem with the streamId mappings. This could happen if the stream is deleted, if the streamId is incorrect, or if there is an inconsistency in stream management.

Impact

Operational Impact: Users may face transaction failures or service disruptions if they interact with streams that are not correctly registered or if there are issues with the streamId. This can lead to a negative user experience and hinder functionality.

Security Impact: An attacker could potentially exploit the condition where address(0) is returned to cause reverts or denial of service. This could disrupt legitimate use and potentially be used maliciously to affect the contract's operations.

Tools Used

Manual Review

Recommendations

Validate Stream ID: Implement checks to ensure that streamId is valid and properly managed before accessing _streamIDOwners[streamId]. Validate that streamId values are correctly generated and used.

Handle Invalid Cases Gracefully: Consider handling the scenario where streamOwner is address(0) in a way that does not immediately revert the transaction. Logging the event or notifying the user may be preferable depending on the context.

Update Stream Management Logic: Review and enhance the logic for managing streamId and its owners. Ensure proper registration, updating, and deletion of streams to avoid inconsistencies.