DeFiFoundry
20,000 USDC
Submission Details
Severity: low
Invalid

Incorrect code description

Summary

A code comment in FjordStaking.sol::stakeVested() incorrectly describes what the code does.

Vulnerability Details

Per the logic in FjordStaking.sol::stakeVested(), only an authorized stream sender can stake a cancelable stream:

// only allow authorized stream sender to stake cancelable stream
if (!authorizedSablierSenders[sablier.getSender(_streamID)]) {
    revert StreamNotSupported();
}

However, because of the way Sablier works, a sender can never stake their NFT: the NFT is not minted to the sender, it is minted to the recipient. See the related code logic:

// Effects: mint the NFT to the recipient.
_mint({ to: params.recipient, tokenId: streamId });

For this reason, in stakeVested() the NFT will be transferred to the FjordStaking contract only if the caller is the recipient of the stream.
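The two conditions described above, as an added Python model that is not code from Fjord or Sablier: the authorization check looks at who created the stream, while the NFT transfer depends on who holds it. Class names, the NotOwner error, the addresses, and the ownership-checked transfer (assumed to behave like an ERC-721 transfer) are constructed for illustration.

```python
# Constructed model, not Fjord or Sablier code; names and errors are illustrative.

class StreamNotSupported(Exception):
    """Mirrors the revert in stakeVested() when the stream's sender is not authorized."""

class NotOwner(Exception):
    """Assumed stand-in for the NFT transfer failing when the caller does not hold it."""

class Sablier:
    def __init__(self):
        self.sender_of = {}  # streamId -> address that created the stream
        self.owner_of = {}   # streamId -> current NFT holder

    def create_stream(self, stream_id, sender, recipient):
        self.sender_of[stream_id] = sender
        self.owner_of[stream_id] = recipient  # the NFT is minted to the recipient

    def get_sender(self, stream_id):
        return self.sender_of[stream_id]

    def transfer_from(self, caller, to, stream_id):
        if self.owner_of[stream_id] != caller:
            raise NotOwner(caller)
        self.owner_of[stream_id] = to

class FjordStaking:
    ADDRESS = "fjord-staking"  # constructed placeholder address

    def __init__(self, sablier, authorized_senders):
        self.sablier = sablier
        self.authorized = set(authorized_senders)

    def stake_vested(self, caller, stream_id):
        # Gate 1: checks who created the stream, not who is calling.
        if self.sablier.get_sender(stream_id) not in self.authorized:
            raise StreamNotSupported(stream_id)
        # Gate 2: pulling the NFT only succeeds when the caller holds it.
        self.sablier.transfer_from(caller, self.ADDRESS, stream_id)

def outcome(staking, caller, stream_id):
    """Return 'staked' or the name of the error that stopped the call."""
    try:
        staking.stake_vested(caller, stream_id)
        return "staked"
    except (StreamNotSupported, NotOwner) as exc:
        return type(exc).__name__
```

In this model an authorized sender calling on its own stream stops at the transfer, and only the recipient of a stream created by an authorized sender gets through both gates.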

Impact

Confusion

Tools Used

Manual review

Recommendations

- // only allow authorized stream sender to stake cancelable stream
+ // Only allow recipient of authorized stream to stake cancelable stream
if (!authorizedSablierSenders[sablier.getSender(_streamID)]) {
revert StreamNotSupported();
}
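Review bot: the replacement comment on the + line still does not match the condition directly under it, which looks up sablier.getSender(_streamID) in authorizedSablierSenders and never tests the caller or the recipient. Suggest a comment that states only what this check enforces, for example "only streams created by an authorized sender are supported", and document the recipient requirement at the line that transfers the NFT instead. The new comment also capitalizes "Only" where the line it replaces used lowercase; keep the existing style.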
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
