Contest: Sablier Flow (Foundry, DeFi), prize pool 20,000 USDC
Submission Details
Severity: medium
Status: Invalid

Insufficient Access Control

Location: /src/SablierFlow.sol

Code Snippet

if (msg.sender != _streams[streamId].sender && !_isCallerStreamRecipientOrApproved(streamId)) {
    revert Errors.SablierFlow_Unauthorized({ streamId: streamId, caller: msg.sender });
}

Impact

  • Description: The access control check does not adequately validate that the caller is authorized. If an unauthorized address reaches a sensitive function, it could modify stream state without permission.

  • Real-World Consequences: Unauthorized manipulation of streams can cause financial loss and a breach of trust in the system, with potential legal repercussions.

Recommendations

  • Role-Based Access Control (RBAC): Use OpenZeppelin’s AccessControl to implement specific roles for users (e.g., stream creators, recipients, admins).

  • Audit Access Controls: Conduct a thorough review of all functions requiring access control to ensure all scenarios are covered.
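The second recommendation, auditing every access-controlled path, is most useful when expressed as tests. The following is an added example, not code from the Sablier repository or from this submission: a hypothetical MinimalStreamAuth contract that reproduces the shape of the quoted check (sender, or recipient, or an operator the recipient approved), and a Foundry test that exercises each authorised caller and fuzzes every other address. The forge-std import path, the pause action, the approve function and all addresses are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: forge-std is installed under the default Foundry remapping.
import { Test } from "forge-std/Test.sol";

/// Hypothetical registry written for this example only (not Sablier code).
/// A sensitive action on a stream is allowed for the stream's sender, its
/// recipient, or an operator the recipient has approved, and reverts for all
/// other callers, mirroring the shape of the check quoted in the submission.
contract MinimalStreamAuth {
    error Unauthorized(uint256 streamId, address caller);

    struct Stream {
        address sender;
        address recipient;
        bool paused;
    }

    mapping(uint256 => Stream) internal _streams;
    // Per-stream operator approval granted by the recipient (address(0) = none).
    mapping(uint256 => address) internal _approvedOperator;
    uint256 public nextStreamId;

    function create(address recipient) external returns (uint256 streamId) {
        streamId = nextStreamId++;
        _streams[streamId] = Stream({ sender: msg.sender, recipient: recipient, paused: false });
    }

    function approve(uint256 streamId, address operator) external {
        require(msg.sender == _streams[streamId].recipient, "only recipient may approve");
        _approvedOperator[streamId] = operator;
    }

    function _isCallerStreamRecipientOrApproved(uint256 streamId) internal view returns (bool) {
        address operator = _approvedOperator[streamId];
        // The address(0) guard matters: an unset mapping slot must never match a caller.
        return msg.sender == _streams[streamId].recipient
            || (operator != address(0) && msg.sender == operator);
    }

    function pause(uint256 streamId) external {
        if (msg.sender != _streams[streamId].sender && !_isCallerStreamRecipientOrApproved(streamId)) {
            revert Unauthorized({ streamId: streamId, caller: msg.sender });
        }
        _streams[streamId].paused = true;
    }

    function isPaused(uint256 streamId) external view returns (bool) {
        return _streams[streamId].paused;
    }
}

/// Enumerates every authorised path and fuzzes the unauthorised one.
contract MinimalStreamAuthTest is Test {
    MinimalStreamAuth internal auth;
    address internal sender = makeAddr("sender");
    address internal recipient = makeAddr("recipient");
    address internal operator = makeAddr("operator");
    uint256 internal streamId;

    function setUp() public {
        auth = new MinimalStreamAuth();
        vm.prank(sender);
        streamId = auth.create(recipient);
    }

    function test_SenderCanPause() public {
        vm.prank(sender);
        auth.pause(streamId);
        assertTrue(auth.isPaused(streamId));
    }

    function test_RecipientCanPause() public {
        vm.prank(recipient);
        auth.pause(streamId);
        assertTrue(auth.isPaused(streamId));
    }

    function test_ApprovedOperatorCanPause() public {
        vm.prank(recipient);
        auth.approve(streamId, operator);
        vm.prank(operator);
        auth.pause(streamId);
        assertTrue(auth.isPaused(streamId));
    }

    // No operator is approved in this test, so only sender and recipient may pass.
    function testFuzz_AnyoneElseIsRejected(address caller) public {
        vm.assume(caller != sender && caller != recipient);
        vm.prank(caller);
        vm.expectRevert(abi.encodeWithSelector(MinimalStreamAuth.Unauthorized.selector, streamId, caller));
        auth.pause(streamId);
        assertFalse(auth.isPaused(streamId));
    }
}
```

Run it with `forge test -vv` inside a Foundry project that has forge-std installed. The fuzz test is what turns the recommendation into evidence: if any address other than the two legitimate parties can pass the check, the run fails with the offending caller. The `operator != address(0)` guard is the one edge case worth keeping in view, since an approval mapping that was never written matches the zero address by default.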

Updates

Lead Judging Commences

inallhonesty (Lead Judge), 8 months ago: Submission Judgement Published. Invalidated. Reason: Lack of quality.
