Flow

Sablier
Foundry, DeFi
20,000 USDC
Submission Details
Severity: low
Invalid

Incorrect calculation of `solvencyAmount` in `SablierFlow.sol::depletionTimeOf()`.

Summary

Incorrect calculation of `solvencyAmount` in `SablierFlow.sol::depletionTimeOf()` results in an incorrect return value from the function.

Vulnerability Details

The `depletionTimeOf` function in the provided Solidity code is designed to calculate and return the depletion time of a specific stream identified by `streamId`. The depletion time typically refers to the point in time when the stream's balance will be exhausted, assuming no additional funds are added. `solvencyAmount` is calculated on the following line:

https://github.com/Cyfrin/2024-10-sablier/blob/8a2eac7a916080f2022527408b004578b21c51d0/src/SablierFlow.sol#L92

uint256 solvencyAmount = balanceScaled - snapshotDebtScaled + oneMVTScaled;

But `snapshotDebtScaled` is never updated by adding `_ongoingDebtScaleOf`, so in the formula above the total debt is not considered; only the snapshot debt is used in the calculation, which contradicts the definition of how `solvencyAmount` is calculated.

Impact

An incorrect `solvencyAmount` will result in an incorrect `solvencyPeriod`, which will result in an incorrect `depletionTime`.

Tools Used

Manual

Recommendations

Update `snapshotDebtScaled` with `_ongoingDebt`, as in `snapshotDebtScaled = snapshotDebtScaled + _ongoingDebt`, then use it in the formula for `solvencyAmount`.

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
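
The arithmetic at issue, as an added example that is not part of the submission or of the Sablier codebase: a simplified integer model that compares the quoted `solvencyAmount` formula with the recommended variant. It assumes debt accrues linearly from a snapshot time, that the solvency period is rounded up, and that the period is added to a time base; `snapshot_time`, `now`, the helper names and all sample numbers are constructed.

```python
# Added illustration: simplified integer model, not the SablierFlow source.
# Assumptions: all amounts share one fixed-point scale, debt grows by `rate`
# per second starting at `snapshot_time`, and the period is rounded up.

def ceil_div(a: int, b: int) -> int:
    return -(-a // b)

def total_debt_at(snapshot_debt: int, rate: int, snapshot_time: int, t: int) -> int:
    """Snapshot debt plus the debt accrued since the snapshot (ongoing debt)."""
    return snapshot_debt + rate * (t - snapshot_time)

def depletion_from_snapshot(balance, snapshot_debt, one_mvt, rate, snapshot_time):
    """Formula quoted on the page, with the period counted from snapshot_time."""
    solvency_amount = balance - snapshot_debt + one_mvt
    return snapshot_time + ceil_div(solvency_amount, rate)

def depletion_with_total_debt(balance, snapshot_debt, one_mvt, rate,
                              snapshot_time, now, base):
    """Recommended variant: subtract ongoing debt too, then count from `base`."""
    debt_now = total_debt_at(snapshot_debt, rate, snapshot_time, now)
    solvency_amount = balance - debt_now + one_mvt
    return base + ceil_div(solvency_amount, rate)

def compare():
    # Constructed sample stream state.
    balance, snapshot_debt, one_mvt, rate = 1000, 100, 1, 3
    snapshot_time, now = 1000, 1100
    quoted = depletion_from_snapshot(balance, snapshot_debt, one_mvt, rate,
                                     snapshot_time)
    variant_from_now = depletion_with_total_debt(
        balance, snapshot_debt, one_mvt, rate, snapshot_time, now, base=now)
    variant_from_snapshot = depletion_with_total_debt(
        balance, snapshot_debt, one_mvt, rate, snapshot_time, now,
        base=snapshot_time)
    return quoted, variant_from_now, variant_from_snapshot

if __name__ == "__main__":
    quoted, from_now, from_snapshot = compare()
    print("quoted formula, counted from snapshot time:", quoted)
    print("total-debt variant, counted from now:      ", from_now)
    print("total-debt variant, counted from snapshot: ", from_snapshot)
```

In this model, whether the ongoing debt has to be subtracted depends on the time base the period is added to: the snapshot-debt form counted from the snapshot time and the total-debt form counted from the current time name the same second.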
