Flow

Sablier

FoundryDeFi

20,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Main invariant can be broken

takarez

Summary

One of the invariant of the protocol can be broken

Vulnerability Details

One of the main protocol invariant is that whenever the RPS equals 0 for a non-voided stream, the stream must be paused, and the Flow.Status should be either PAUSED_SOLVENT or PAUSED_INSOLVENT

This can be observed from the protocol's deocumentation

for any non-voided stream, if rps=0⟹isPaused=true and Flow.Status is either PAUSED_SOLVENT or PAUSED_INSOLVENT.

However, this invariant can be easily broken by setting ratePerSecond to zero without pausing the contract. This can be done by calling the adjustRatePerSecond function with newRatePerSecond set to zero. There is no check to ensure that the value is non-zero, which is crucial to maintaining the invariant.

function adjustRatePerSecond(

uint256 streamId,

UD21x18 newRatePerSecond

)

external

override

noDelegateCall

notNull(streamId)

notPaused(streamId)

onlySender(streamId)

updateMetadata(streamId)

{

UD21x18 oldRatePerSecond = _streams[streamId].ratePerSecond;

// Effects and Interactions: adjust the rate per second.

_adjustRatePerSecond(streamId, newRatePerSecond);

// Log the adjustment.

emit ISablierFlow.AdjustFlowStream({

streamId: streamId,

totalDebt: _totalDebtOf(streamId),

oldRatePerSecond: oldRatePerSecond,

newRatePerSecond: newRatePerSecond

});

}

This would mean the invariant has been broken

Impact

Main invariant of the protocol is broken

Tools Used

Manual review

Recommendations

Ensure that whenever the adjustRatePerSecond function is called, the newRatePerSecond is checked to confirm it is non-zero. If newRatePerSecond is zero, the function should revert or automatically pause the contract. This safeguard will enforce the protocol invariant that ratePerSecond must be greater than zero in an active stream, helping to prevent unintended states.

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Appeal created

takarez Submitter

9 months ago

inallhonesty Lead Judge

9 months ago

inallhonesty Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

699

29 USDC / LOC

High Medium

19,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.