Flow

Sablier
Foundry, DeFi
20,000 USDC
Submission Details
Severity: low
Invalid

Remove revert in batch() to prevent full reverts on individual failures

Summary

Reverting an entire batch() call is unnecessary when each function in the flow operates independently. Since a revert in one function does not impact the execution of subsequent functions, reverting the entire batch is not required.

This behavior could cause issues for users in specific scenarios.

For instance, if a recipient who is also a sender attempts to withdraw funds from one streamId and deposit them into other streamIds, a single failed withdrawal would prevent the remaining functions from executing.

This situation might occur if the admin increases protocol fees, prioritizing their transaction by placing it before the user's transaction within the same block. This could result in the withdrawn amount being less than the recipient expected when initiating the batch() call.

Vulnerability Details

https://github.com/Cyfrin/2024-10-sablier/blob/8a2eac7a916080f2022527408b004578b21c51d0/src/abstracts/Batch.sol#L16-L25

    function batch(bytes[] calldata calls) external {
        uint256 count = calls.length;
        for (uint256 i = 0; i < count; ++i) {
            (bool success, bytes memory result) = address(this).delegatecall(calls[i]);
            if (!success) {
                revert Errors.BatchError(result);
            }
        }
    }

Impact

Discussed in the summary

Tools Used

Manual review

Recommendations

Avoid reverting when one execution fails
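
A sketch of what the recommendation above would look like, added here as an illustration; it is not part of the submission or of Sablier's code base. The contract name `BestEffortBatch`, the function `tryBatch`, the struct `CallResult` and the event `BatchCallFailed` are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// @notice Hypothetical best-effort variant of the batch() function quoted above.
/// Illustration only; all names below are assumptions, not Sablier identifiers.
abstract contract BestEffortBatch {
    /// @dev Outcome of one call in the batch.
    struct CallResult {
        bool success;     // false if the delegatecall reverted
        bytes returnData; // return value on success, revert data on failure
    }

    /// @dev Emitted for each failed call so off-chain monitoring can see
    /// partial execution, which a successful transaction status would hide.
    event BatchCallFailed(uint256 indexed index, bytes revertData);

    /// @notice Runs every call and records its outcome instead of reverting
    /// the whole batch on the first failure.
    /// @param calls ABI-encoded calls to functions of this contract.
    /// @return results One entry per call, in the same order as `calls`.
    function tryBatch(bytes[] calldata calls)
        external
        returns (CallResult[] memory results)
    {
        uint256 count = calls.length;
        results = new CallResult[](count);

        for (uint256 i = 0; i < count; ++i) {
            // delegatecall keeps msg.sender, so per-function access checks
            // still apply to the original caller.
            (bool success, bytes memory returnData) =
                address(this).delegatecall(calls[i]);

            results[i] = CallResult({ success: success, returnData: returnData });

            if (!success) {
                // State changes of the failed call are rolled back by the EVM;
                // earlier and later calls in the batch are unaffected.
                emit BatchCallFailed(i, returnData);
            }
        }
    }
}
```

With this variant the transaction succeeds even when individual calls fail, so the caller has to check every `results[i].success`. Calls placed after a failed one still execute, against the state the failed call left unchanged.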

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
