Submission Details
Severity:
Missing Balance Validation in the `function statusOf`
Summary
The status function fails to verify if the contract has sufficient funds to cover ongoing stream obligations.
Vulnerability Details
https://github.com/Cyfrin/2024-10-sablier/blob/main/src/SablierFlow.sol#L129-#L155
It doesn't verify if there are enough tokens in the contract.
Impact
Financial loss risk for recipients and Contract could become insolvent without warning.
Tools Used
Manual code review
Recommendations
Checks if contract has sufficient funds as this will helps prevent failed transactions and gives users visibility into funding status.
function statusOf(uint256 streamId) external view override notNull(streamId) returns (Flow.Status status) {
// Check: the stream is voided.
if (_streams[streamId].isVoided) {
return Flow.Status.VOIDED;
}
// Check contract balance
@> uint256 requiredBalance = _calculateRequiredBalance(streamId);
@> uint256 currentBalance = token.balanceOf(address(this));
@>if (currentBalance < requiredBalance) {
@> return Flow.Status.UNDERFUNDED;
@> }
// See whether the stream has uncovered debt.
bool hasDebt = _uncoveredDebtOf(streamId) > 0;
if (_streams[streamId].ratePerSecond.unwrap() == 0) {
// If the stream is paused and has uncovered debt, return PAUSED_INSOLVENT.
if (hasDebt) {
return Flow.Status.PAUSED_INSOLVENT;
}
// If the stream is paused and has no uncovered debt, return PAUSED_SOLVENT.
return Flow.Status.PAUSED_SOLVENT;
}
// If the stream is streaming and has uncovered debt, return STREAMING_INSOLVENT.
if (hasDebt) {
return Flow.Status.STREAMING_INSOLVENT;
}
// If the stream is streaming and has no uncovered debt, return STREAMING_SOLVENT.
status = Flow.Status.STREAMING_SOLVENT;
}
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
69929 USDC / LOC
19,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.