The _refund function in the SablierFlow contract allows users to request refunds based on the calculated refundable amount. However, the function does not enforce strict checks to prevent manipulation of refund amounts, which could lead to the potential loss of funds for depositors. Specifically, if a sender were to invoke the refund function repeatedly without sufficient checks, it could deplete the stream's balance and expose depositors to the risk of losing their tokens.
Vulnerability Details
The check for the refundable amount allows the sender to request refunds that may not accurately reflect the remaining funds in the contract.
Lack of adequate access control and validation could allow malicious users to exploit this and withdraw more than their entitled share of funds.
Impact
This vulnerability could lead to a significant loss of funds for users who deposit tokens into the stream, undermining trust in the protocol. If exploited, it could allow a sender to drain the contract's funds, causing financial harm to both the recipients and depositors.
Tools Used
Manual code review of the SablierFlow contract on GitHub.
Recommendations
Implement stricter checks and balances within the _refund function to ensure that refunds can only be processed within the limits of the refundable amount.
Consider additional access control measures to prevent unauthorized refund requests.
Perform regular audits of the contract to identify similar vulnerabilities.
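The first two recommendations, shown as an added example that is not SablierFlow's code and not part of the original submission. The contract name, the simplified debt model (a fixed rate with recipient withdrawals omitted) and all identifiers are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Hypothetical single-stream model for illustration; not SablierFlow's code.
contract BoundedRefundStream {
    IERC20 public immutable token;
    address public immutable sender;
    uint256 public immutable ratePerSecond; // tokens accruing to the recipient per second
    uint256 public immutable startTime;
    uint256 public balance;                 // deposited tokens still held for this stream

    error NotSender(address caller);
    error ZeroAmount();
    error RefundExceedsRefundable(uint256 requested, uint256 refundable);

    constructor(IERC20 token_, uint256 ratePerSecond_) {
        token = token_;
        sender = msg.sender;
        ratePerSecond = ratePerSecond_;
        startTime = block.timestamp;
    }

    function deposit(uint256 amount) external {
        balance += amount;
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
    }

    /// Debt accrued to the recipient so far (withdrawals omitted in this model).
    function debtOf() public view returns (uint256) {
        return ratePerSecond * (block.timestamp - startTime);
    }

    /// Balance not yet owed to the recipient; zero once debt covers the balance.
    function refundableAmountOf() public view returns (uint256) {
        uint256 debt = debtOf();
        return balance > debt ? balance - debt : 0;
    }

    function refund(uint256 amount) external {
        if (msg.sender != sender) revert NotSender(msg.sender); // access control
        if (amount == 0) revert ZeroAmount();
        uint256 refundable = refundableAmountOf(); // recomputed from current state on every call
        if (amount > refundable) revert RefundExceedsRefundable(amount, refundable);
        balance -= amount; // state updated before the external call
        require(token.transfer(sender, amount), "transfer failed");
    }
}
```

Because `balance` is reduced before the transfer and the bound is recomputed on each call, repeated refunds in this model can never take the balance below the accrued debt.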