Flow

Sablier
Foundry, DeFi
20,000 USDC
Submission Details
Severity: medium
Invalid

Dubious typecast in SablierFlow.sol

Summary

Multiple instances of unsafe uint256 to uint40 type casting in the SablierFlow contract pose significant risks due to potential data truncation. This affects timestamp handling across critical functions.

Vulnerability Details

- ID-18
  Dubious typecast in `SablierFlow._adjustRatePerSecond(uint256,UD21x18)`:
  uint256 => uint40 casting occurs in `_streams[streamId].snapshotTime = uint40(block.timestamp)`
  src/SablierFlow.sol#L529-L546
- ID-19
  Dubious typecast in `SablierFlow._withdraw(uint256,address,uint128)`:
  uint256 => uint40 casting occurs in `_streams[streamId].snapshotTime = uint40(block.timestamp)`
  src/SablierFlow.sol#L750-L853
- ID-20
  Dubious typecast in `SablierFlow._void(uint256)`:
  uint256 => uint40 casting occurs in `_streams[streamId].snapshotTime = uint40(block.timestamp)`
  src/SablierFlow.sol#L713-L748
- ID-21
  Dubious typecast in `SablierFlow._create(address,address,UD21x18,IERC20,bool)`:

Impact

Risk Rating: medium

Current timestamps (~1.7B) exceed uint40 max (1.09T)

Truncation leads to incorrect stream timing

Affects withdrawals, debt tracking, and payment schedules

Core functionality compromised

Tools used

slither .

Manual code review

Recommendations

Implement SafeCast for all timestamp conversions

Consider upgrading timestamp storage to uint64

Add input validation for timestamps

Review all timestamp-dependent calculations

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
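
When triaging a Slither "dubious typecast" finding such as the ones listed in this submission, the useful check is whether the source value can actually exceed the target type's range. The following is an added example, not code from the submission or from the Sablier code base, that puts the unchecked `uint40(...)` cast beside a range-checked one; `CastDemo`, its functions and the `TimestampOverflow` error are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; CastDemo and everything in it is hypothetical,
/// not part of SablierFlow.
contract CastDemo {
    /// Raised by checkedCast when the value needs more than 40 bits.
    error TimestampOverflow(uint256 value);

    /// type(uint40).max = 2**40 - 1 = 1,099,511,627,775.
    uint256 public constant UINT40_MAX = type(uint40).max;

    /// Explicit narrowing cast, the pattern Slither flags. Solidity 0.8
    /// does NOT revert on explicit conversions: it keeps the low 40 bits,
    /// so the result is value mod 2**40.
    function uncheckedCast(uint256 value) public pure returns (uint40) {
        return uint40(value);
    }

    /// Range-checked cast: reverts instead of silently truncating.
    function checkedCast(uint256 value) public pure returns (uint40) {
        if (value > UINT40_MAX) revert TimestampOverflow(value);
        return uint40(value);
    }

    /// True when casting `value` to uint40 would lose information.
    function wouldTruncate(uint256 value) public pure returns (bool) {
        return value > UINT40_MAX;
    }

    /// Triage helper: seconds remaining before block.timestamp no longer
    /// fits in uint40 (0 if it already does not fit).
    function secondsUntilUint40Overflow() external view returns (uint256) {
        return wouldTruncate(block.timestamp) ? 0 : UINT40_MAX - block.timestamp;
    }
}
```

Calling `wouldTruncate` with the value being cast, here `block.timestamp`, shows whether a flagged cast can lose data on the chain in question.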
