Flow
Sablier
FoundryDeFi
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Local Variable Shadowing in SablierFlow.sol

nomadic_bear

Summary

A local variable shadows a state variable and function in the _withdraw function, causing potential code readability and maintainability issues.

Vulnerability Details

Location: src/SablierFlow.sol in the _withdraw function

IERC20 token = _streams[streamId].token;
UD60x18 protocolFee = protocolFee[token]; // Local variable shadows state mapping

This local variable shadows:

  1. State variable mapping protocolFee in SablierFlowBase

  2. Function protocolFee(IERC20) in ISablierFlowBase

Impact

LOW - The shadowing is:

  • Limited to internal function scope

  • Functionally correct as it reads from the shadowed state mapping

  • Only affects code readability and maintenance

Tools Used

slither .

shadowing-local
Impact: Low
Confidence: High

src/SablierFlow.sol#L824-L826

manuel code review

Recommendations

Rename the local variable to be more specific:

IERC20 token = _streams[streamId].token;
UD60x18 currentProtocolFee = protocolFee[token];

0r

UD60x18 tokenProtocolFee = protocolFee[token];
Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.