Submission Details
Severity:
SabilierFlow::depletionTimeOf doesnt do what is specifed in the natspec
Summary
https://github.com/Cyfrin/2024-10-sablier/blob/8a2eac7a916080f2022527408b004578b21c51d0/src/interfaces/ISablierFlow.sol#L118-L121
The actual implementation of the function doesnt follow the natspec
Vulnerability Details
If the total debt is less than
/// or equal to stream balance, it returns 0. as stated by the natspec
while the implemented is like this
if (snapshotDebtScaled + _ongoingDebtScaledOf(streamId) >= balanceScaled + oneMVTScaled) {
return 0;
}
which is the opposite of what is stated in the natspec and hence doesnt actially run when the totalDebt is greater than balance which is what it is supposed to do
Impact
The function doesnt work as expected
Tools Used
manual analysis
Recommendations
The function should be rewritten using
if (snapshotDebtScaled + _ongoingDebtScaledOf(streamId) <= balanceScaled + oneMVTScaled) {
return 0;
}
Updates
Appeal created
silver_eth
about 1 year ago
silver_eth
about 1 year ago
inallhonesty
about 1 year ago
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
69929 USDC / LOC
19,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.