Submission Details
Severity:
Incorrect check can cause unexpected error
Summary
The stakeVested has an incorrect check which can cause an underflow error instead of the custom error
Vulnerability Details
function stakeVested(uint256 _streamID) external checkEpochRollover redeemPendingRewards {
//CHECK
if (!sablier.isStream(_streamID)) revert NotAStream();
if (sablier.isCold(_streamID)) revert NotAWarmStream();
// only allow authorized stream sender to stake cancelable stream
if (!authorizedSablierSenders[sablier.getSender(_streamID)]) {
revert StreamNotSupported();
}
if (address(sablier.getAsset(_streamID)) != address(fjordToken)) revert InvalidAsset();
uint128 depositedAmount = sablier.getDepositedAmount(_streamID);
uint128 withdrawnAmount = sablier.getWithdrawnAmount(_streamID);
uint128 refundedAmount = sablier.getRefundedAmount(_streamID);
>> if (depositedAmount - (withdrawnAmount + refundedAmount) <= 0) revert InvalidAmount();
Impact
Unexpected error in some rare cases
Tools used
Manual Review
Recommendations
Consider using another check:
- if (depositedAmount - (withdrawnAmount + refundedAmount) <= 0) revert InvalidAmount();
+ if (depositedAmount <= (withdrawnAmount + refundedAmount)) revert InvalidAmount();
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
66230 USDC / LOC
16,000 USDC
2,500 USDC
1,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.