Flow
Sablier
FoundryDeFi
20,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

uint40 Timestamp Overflow Will Cause System-Wide Failure in 2058

icon0x

Summary

Vulnerability Details

The DataTypes::Stream struct uses uint40 to store snapshotTime, which can only hold values up to 2^40 - 1 (approximately 1.1 trillion). Given that Unix timestamps increment by 1 every second:

  • Maximum uint40 value: 1,099,511,627,775

  • Current Unix timestamp (2024): ~1,698,710,400

  • Time until overflow: ~34.8 years

When this overflow occurs (approximately in 2058), the following critical functions will revert due to arithmetic overflow:

  • withdraw(streamId): Unable to process user withdrawals

  • void(streamId)

  • create(streamId)

  • adjustRatePerSecond(streamId)

This will effectively brick core contract functionality, making user funds permanently inaccessible.

Impact

Tools Used

Recommendations

Replace uint40 with uint256 for timestamp storage. While this slightly increases gas costs, it prevents the overflow risk and ensures contract longevity. The gas increase is negligible compared to the severity of potential fund loss.

struct Stream {
// slot 0
uint128 balance;
UD21x18 ratePerSecond;
// slot 1
address sender;
// @audit potential data loss in 34.8years
- uint40 snapshotTime;
+ uint64 snapshotTime;
bool isStream;
bool isTransferable;
bool isVoided;
// slot 2
IERC20 token;
uint8 tokenDecimals;
// slot 3
uint256 snapshotDebtScaled;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge
9 months ago
inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.