Incorrect calculation of `solvencyAmount` in `SablierFlow.sol::depletionTimeOf()`.
Summary
Incorrect calculation of solvencyAmountin SablierFlow.sol::depletionTimeOf() results in incorrect return value of function.
Vulnerability Details
The depletionTimeOf function in the provided Solidity code is designed to calculate and return the depletion time of a specific stream identified by streamId. The depletion time typically refers to the point in time when the stream's balance will be exhausted, assuming no additional funds are added. When solvencyAmountis calculated via the line -
ButsnapshotDebtScaled is never updated by adding _ongoingDebtScaleOf, so in the formula above the totalDebt is not considered, only snapshotDebt is considered for calculation, which contradicts the defination of how solvencyAmountis calculated.
Impact
Incorrect solvencyAmount will result in incorrect solvencyPeriod , which will result in incorrect depletionTime
Tools Used
Manual
Recommendations
Update snapshotDebtScaled with _ongoingDebt like snapshotDebtScaled = snapshotDebtScaled + _ongoingDebt , then use it in the formula for solvencyAmount.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.