Flow

Sablier
Foundry, DeFi
20,000 USDC
Submission Details
Severity: high
Invalid

Local variable shadowing in SablierFlow::_withdraw function can cause confusion and bugs in the code.

Summary

The _withdraw function in the SablierFlow contract has a local variable named protocolFee that shadows a state variable of the same name from the SablierFlowBase contract. This shadowing can lead to confusion and potential bugs, making it unclear which protocolFee is being referenced in calculations.

Vulnerability Details

The _withdraw function in the SablierFlow contract shadows the protocolFee state variable from the base contract (SablierFlowBase) with a local variable of the same name.

Impact

This shadowing can lead to confusion and potential bugs in the code. It might not be clear if the local protocolFee refers to the total protocol fee or the protocol fee for the current token. If the intention is to use the base contract's protocolFee, using the same name for the local variable might lead to incorrect calculations or logic errors.

Tools Used

Recommendations

Rename the local variable to avoid shadowing. For example:

UD60x18 localProtocolFee = protocolFee[token];

Then use localProtocolFee instead of protocolFee in the subsequent calculations.
This change improves code clarity and reduces the risk of unintended behavior due to naming conflicts. It ensures that the correct protocolFee is being used in the calculations, preventing potential logical errors.

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Too generic

Appeal created

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Too generic
