Flow

Sablier
Foundry, DeFi
20,000 USDC
Submission Details
Severity: low
Invalid

Unchecked zero address for recipient in 'SablierFlow::_create'

Description: In 'ISablierFlow::create', the documentation states that it is a requirement that the recipient cannot be the zero address. However, there is no check for the recipient being the zero address in 'SablierFlow::_create'. As a result, the recipient can be set to the zero address.

Impact: If the recipient is set to the zero address, it would violate the ERC721 standard, which does not allow minting to the zero address, and since it is a requirement based on the 'ISablierFlow::create' documentation, it should be checked.

Proof of Concept:

    function _create(
        address sender,
        address recipient,
        UD21x18 ratePerSecond,
        IERC20 token,
        bool transferable
    )
        internal
        returns (uint256 streamId)
    {
        // Check: the sender is not the zero address.
@>      if (sender == address(0)) {
            revert Errors.SablierFlow_SenderZeroAddress();
        }

Recommended Mitigation:

  • Add a check for the recipient being the zero address and an error for the recipient being the zero address in 'Errors.sol'.

function _create(
address sender,
address recipient,
UD21x18 ratePerSecond,
IERC20 token,
bool transferable
)
internal
returns (uint256 streamId)
{
// Check: the sender is not the zero address.
if (sender == address(0)) {
revert Errors.SablierFlow_SenderZeroAddress();
}
+ // Check: the recipient is not the zero address.
+ if (recipient == address(0)) {
+ revert Errors.SablierFlow_RecipientZeroAddress();
+ }
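
Review bot: The added lines revert with 'Errors.SablierFlow_RecipientZeroAddress()', but the diff only touches '_create'; the mitigation text says the error must also be added to 'Errors.sol', and that declaration is not part of the patch, so the change does not compile as shown. Include the 'Errors.sol' hunk and add a test that calls 'create' with 'recipient == address(0)' and expects this revert. Because the stated impact rests on ERC721 not allowing a mint to the zero address, also confirm whether any mint performed later in '_create' already reverts for that input; if it does, the new check only changes which error is returned, and the code comment should say so.
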
Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
