onStreamCanceled() will always revert
Summary
onStreamCanceled() will always revert
Vulnerability Details
onStreamCanceled() call the _unstakedVested() to unstake a user from staking & points contract. When unstaking from points contract, _unstakedVested() uses msg.sender instead of steamOwner.
This is a issue because only sablier can call onStreamCanceled(), which means msg.sender in _unstakedVested() will be sablier, which means unstaking from points contract will be from sablier contract but there is no staking in points contract from sablier but was from streamOwner. therefore onStreamCanceled() will always revert
Impact
onStreamCanceled() will always revert due to using msg.sender instead of steamOwner in _unstakedVested()
Tools Used
VS code
Recommendations
In _unstakedVested()
Lead Judging Commences
Sablier calls `onStreamCanceled` > `_unstakeVested` > points.onUnstaked(msg.sender, amount); making the effects of points.onUnstaked apply to sablier who's the msg.sender.
Indeed the `points.onUnstaked` should use the streamOwner instead of msg.sender as an input parameter. Impact: high - The vested stakers who got their streams canceled will keep on receiving rewards (points included) for the previously staked stream. Likelihood: low - whenever a Sablier stream sender decides to `cancel()` a recipient's stream
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.