Flow

Sablier

FoundryDeFi

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

TotalDebt is not always handled correctly if the ERC20 supply is greater than 128 bits

silver_eth

Summary
The protocol has stated that ERC20s interacting with the protocol should have a total supply below, however the standard specifies up to 256 bits and therefore values above 128 bits should be handled(capped) to ensure the protocol maintains its 256 bit cap whilst also ensuring that no party loses their funds

Vulnerability Details

There are two instances where this vulnerability occurs
https://github.com/Cyfrin/2024-10-sablier/blob/8a2eac7a916080f2022527408b004578b21c51d0/src/SablierFlow.sol#L811

https://github.com/Cyfrin/2024-10-sablier/blob/8a2eac7a916080f2022527408b004578b21c51d0/src/SablierFlow.sol#L473

the above code reverts if totalDebt > type(uint128).max
this could mean that users might not be able to execute core functionalities like withdraw or refund if the supply of ERC20 token surpasses 128 bits, and the debt also surpasses 128 bits
A better approach would be to cap the debt at type(uint128).max
something like
debt > type(uint128).max ? type(uint128).max : debt

Impact

User funds could be locked

Tools Used

Recommendations
Protocol values should be capped at type(uint128).max rather ]than reverting if it passes that value

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago

Submission Judgement Published

Invalidated

Reason: Known issue

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

699

29 USDC / LOC

High Medium

19,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.