Flow
Sablier
FoundryDeFi
20,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

The use of `snapshotDebtScaled` in the calculation of `solvencyAmount` in `SablierFlow::depletionTimeOf` does not represent accurately the totaldebt.

0x0noob

Description

https://github.com/Cyfrin/2024-10-sablier/blob/main/src/SablierFlow.sol#L57C5-L104C6

// Depletion time is defined as the UNIX timestamp at which the total debt exceeds stream balance by 1 unit of
// token (mvt). So we calculate it by solving: total debt at depletion time = stream balance + 1. This ensures
// that we find the lowest timestamp at which the total debt exceeds the stream balance.
// Safe to use unchecked because the calculations cannot overflow or underflow.
unchecked {
uint256 solvencyAmount = balanceScaled - snapshotDebtScaled + oneMVTScaled;

SablierFlow::depletionTimeOf seeks to calculate the time at which total debt exceeds stream balance as can be seen from the comment from the code above and the amount which was used to represents total debt is snapshotDebtScaled. snapshotDebtScaled however might not accurately reflect the amount of actual total debt at the given time the function is called given that as the amount of debt is measured with RPS and the snapshotDebtScaled value might be stale.

Impact

The function returns a wrong value.

Tool Used

Manual Review

Recommendation

unchecked {
-- uint256 solvencyAmount = balanceScaled - snapshotDebtScaled + oneMVTScaled;
++ uint256 solvencyAmount = balanceScaled - (snapshotDebtScaled + _ongoingDebtScaledOf(streamId) ) + oneMVTScaled;
Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.