`adjustRatePerSecond` can be used to pause a stream without emitting the `PauseFlowStream` event
Summary
Streams when paused sets their ratePerSecond to 0 and snapshots their current dispensed amounts. When paused via the pause function, this also emits the PauseFlowStream event, which can be tracked by the frontend, or looked for using graphQL etc databases.
The issue is that the same can be achieved by the sender by just calling the adjustRatePerSecond function and passing in a value of 0 for the rate. This functionally achieves the same goal as a pause, but it emits a different event and not the PauseFlowStream event. this is because the adjustRatePerSecond has no checks on the input rate.
Vulnerability Details
The pause effect can be achieved by just calling adjustRatePerSecond and passing in a rate of 0. This skips the PauseFlowStream event emission.
Impact
The PauseFlowStream event wont be emitted.
Tools Used
Manual
Recommendations
Consider adding a check so that adjustRatePerSecond cant be used to set the rate to 0.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.