Submission Details
Severity:
`isStream()` will succeed and return false for non-existent streams
Summary
All the public view functions in SablierFlowBase.sol use the notNull modifier to ensure that they revert when called for a non-existent stream.
For example:
function isPaused(uint256 streamId) external view override notNull(streamId) returns (bool result) {
result = _streams[streamId].ratePerSecond.unwrap() == 0;
}
However, the isStream() function is missing this modifier, so will return false instead:
context:SablierFlowBase.sol#L178-L181
/// @inheritdoc ISablierFlowBase
function isStream(uint256 streamId) external view override returns (bool result) {
result = _streams[streamId].isStream;
}
This contradicts the natspec, which says:
context: ISablierFlowBase.sol#L117-L120
/// @notice Retrieves a flag indicating whether the stream exists.
/// @dev Does not revert if `streamId` references a null stream.
/// @param streamId The stream ID for the query.
function isStream(uint256 streamId) external view returns (bool result);
Proof of Concept
function test_isStreamDoesNotRevert() public { assertEq(
flow.isStream(2387333), false);
}
Recommended Mitigation
- function isStream(uint256 streamId) external view override returns (bool result) {
+ function isStream(uint256 streamId) external view override notNull(streamId) returns (bool result) {
result = _streams[streamId].isStream;
}
Updates
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
69929 USDC / LOC
19,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.