Flow

Sablier
Foundry, DeFi
20,000 USDC
Submission Details
Severity: medium
Invalid

Missing `address(0)` in the `SablierFlowBase::_update` function which will lead to accidental loss.

Relevant GitHub Links

https://github.com/sablier-labs/flow/blob/5b3e293c24f9bf50e73876d67b0981779e865300/src/abstracts/SablierFlowBase.sol#L304

https://github.com/sablier-labs/flow/blob/5b3e293c24f9bf50e73876d67b0981779e865300/src/abstracts/SablierFlowBase.sol#L321

Summary

The token can be transferred to address zero.

Vulnerability Details

In the `SablierFlowBase::_update` function, the documentation specifies that the transfer must not take place to address zero, to avoid accidental burns, but in the implementation of the function no validation has been done to check this, so this loss may occur:

```solidity
/// ... The other natspec
@> /// is allowed. Transfers to the zero address are not allowed, preventing accidental burns.
/// ... The other natspec
function _update(
    address to,
    uint256 streamId,
    address auth
)
    internal
    override
    updateMetadata(streamId)
    returns (address)
{
    // @audit missing address(0) check for to
    address from = _ownerOf(streamId);
    if (from != address(0) && !_streams[streamId].isTransferable) {
        revert Errors.SablierFlowBase_NotTransferable(streamId);
    }
    return super._update(to, streamId, auth);
}
```

Impact

Accidental loss of the token by burning it.

Tools Used

Manual review.

Recommendations

```solidity
function _update(
    address to,
    uint256 streamId,
    address auth
)
    internal
    override
    updateMetadata(streamId)
    returns (address)
{
+   require(to != address(0), "Invalid address");
    address from = _ownerOf(streamId);
    if (from != address(0) && !_streams[streamId].isTransferable) {
        revert Errors.SablierFlowBase_NotTransferable(streamId);
    }
    return super._update(to, streamId, auth);
}
```

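The `_update(to, tokenId, auth)` hook signature shown in the finding is the one introduced in OpenZeppelin Contracts v5, and in that version the public `transferFrom` reverts with `ERC721InvalidReceiver(address(0))` when `to` is the zero address before `_update` is ever called (`safeTransferFrom` routes through `transferFrom`). The Foundry test below is an added illustration of how to verify that behaviour before filing or judging a report of this kind; it is not code from the Sablier repository or from the submitter. It uses a minimal stand-in ERC721 whose `_update` override has the same shape as the one on the page and deliberately performs no zero-address check of its own. `TransferGatedNFT`, `mint`, `isTransferable` and `NotTransferable` are hypothetical names, and the test assumes OpenZeppelin Contracts v5 and forge-std are installed as in a standard Foundry project.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.22;

// Added illustration, not Sablier's code. Assumes OpenZeppelin Contracts v5 and forge-std.
import { Test } from "forge-std/Test.sol";
import { ERC721 } from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import { IERC721Errors } from "@openzeppelin/contracts/interfaces/draft-IERC6093.sol";

// Hypothetical stand-in for a transfer-gated ERC721. The `_update` override mirrors the
// pattern on the page: it gates transfers on a per-token flag and has no `to != address(0)` check.
contract TransferGatedNFT is ERC721 {
    error NotTransferable(uint256 tokenId);

    mapping(uint256 tokenId => bool) public isTransferable;

    constructor() ERC721("Stand-in", "STND") { }

    // Hypothetical helper: mint a token and record whether it may be transferred.
    function mint(address to, uint256 tokenId, bool transferable) external {
        isTransferable[tokenId] = transferable;
        _mint(to, tokenId); // OZ v5 _mint calls _update with from == address(0)
    }

    function _update(address to, uint256 tokenId, address auth) internal override returns (address) {
        address from = _ownerOf(tokenId);
        if (from != address(0) && !isTransferable[tokenId]) {
            revert NotTransferable(tokenId);
        }
        return super._update(to, tokenId, auth);
    }
}

contract ZeroAddressTransferTest is Test {
    TransferGatedNFT internal nft;
    address internal alice = makeAddr("alice"); // constructed test account
    uint256 internal constant TOKEN_ID = 1;

    function setUp() public {
        nft = new TransferGatedNFT();
        nft.mint(alice, TOKEN_ID, true); // transferable, so only the zero-address path is exercised
    }

    // OZ v5 `transferFrom` checks `to == address(0)` and reverts with
    // ERC721InvalidReceiver(address(0)) before the `_update` hook runs.
    function test_TransferFromToZeroAddressReverts() public {
        vm.prank(alice);
        vm.expectRevert(abi.encodeWithSelector(IERC721Errors.ERC721InvalidReceiver.selector, address(0)));
        nft.transferFrom(alice, address(0), TOKEN_ID);
        // Ownership is unchanged after the reverted call.
        assertEq(nft.ownerOf(TOKEN_ID), alice);
    }

    // `safeTransferFrom` delegates to `transferFrom`, so the same check applies.
    function test_SafeTransferFromToZeroAddressReverts() public {
        vm.prank(alice);
        vm.expectRevert(abi.encodeWithSelector(IERC721Errors.ERC721InvalidReceiver.selector, address(0)));
        nft.safeTransferFrom(alice, address(0), TOKEN_ID);
        assertEq(nft.ownerOf(TOKEN_ID), alice);
    }
}
```

Run it with `forge test --match-contract ZeroAddressTransferTest`. One caveat on the recommended fix: OpenZeppelin v5 implements `_burn` as `_update(address(0), tokenId, address(0))`, so a `require(to != address(0))` placed inside `_update` would also reject every burn. If a contract needs burning, the zero-address guard belongs at the public transfer entry points, which is where the base contract already has it.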
Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
