Flow

Sablier
Foundry, DeFi
20,000 USDC
Submission Details
Severity: low
Invalid

[M] Returning Error When Balance is Equal to Total Debt

Summary

According to the documentation, "If the stream balance is less than or equal to the total debt, return the stream balance." However, the case of equality between balance and total debt was not implemented.

Vulnerability Details

Here is the vulnerable function:

    // If the stream balance is less than or equal to the total debt, return the stream balance.
    if (balance < totalDebt) {
        return balance;
    }

As seen above, the implementation should have been `balance <= totalDebt`, but that was not the case.

In short, the protocol intent was not properly implemented here.

Impact

The impact is that debt will not be properly tracked -> a user in this case won't pay correct debt -> bad debt for the protocol.

Tools Used

Manual review.

Recommendations

Introduce assignment and less than.

function _coveredDebtOf(uint256 streamId) internal view returns (uint128) {
uint128 balance = _streams[streamId].balance;
// If the balance is zero, return zero.
if (balance == 0) {
return 0;
}
uint256 totalDebt = _totalDebtOf(streamId);
// If the stream balance is less than or equal to the total debt, return the stream balance.
+ if (balance <= totalDebt) {
return balance;
}
// At this point, the total debt fits within `uint128`, as it is less than or equal to the balance.
return totalDebt.toUint128();
}
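
Review bot: the `+ if (balance <= totalDebt) {` line does not change what `_coveredDebtOf` returns. When `balance == totalDebt`, the fall-through `return totalDebt.toUint128();` already yields the same number as `return balance;`, and the comment above that return states the total debt is "less than or equal to the balance" at that point, so the cast cannot overflow there. If the goal is only to make the condition match the comment on the preceding line, say so in the description, show the removed `if (balance < totalDebt) {` as a `-` line so the patch applies cleanly, and add a test with `balance == totalDebt` asserting that the returned value is unchanged.
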
Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

[INVALID] `_coveredDebtOf` discrepancy between condition and comment `balance < totalDebt`
