Flow

Sablier
Foundry, DeFi
20,000 USDC
Submission Details
Severity: medium
Invalid

Unrestricted Rate Modification in adjustRatePerSecond

Summary

The adjustRatePerSecond function allows a sender to modify the streaming rate (ratePerSecond) of a specific stream identified by streamId.
This change can be made multiple times within the same block, provided the new rate is non-zero. While the function includes checks and updates
to ensure a valid change, it lacks constraints on the frequency of adjustments.

Vulnerability Details

The function allows the sender to modify the ratePerSecond parameter multiple times in the same block without any restrictions.
The current setup does not impose a limit on the frequency or timing of these adjustments.

    function _adjustRatePerSecond(uint256 streamId, UD21x18 newRatePerSecond) internal {
        // Check: the new rate per second is different from the current rate per second.
        if (newRatePerSecond.unwrap() == _streams[streamId].ratePerSecond.unwrap()) {
            revert Errors.SablierFlow_RatePerSecondNotDifferent(streamId, newRatePerSecond);
        }

        uint256 ongoingDebtScaled = _ongoingDebtScaledOf(streamId);

        // Update the snapshot debt only if the stream has ongoing debt.
        if (ongoingDebtScaled > 0) {
            // Effect: update the snapshot debt.
            _streams[streamId].snapshotDebtScaled += ongoingDebtScaled;
        }

        // Effect: update the snapshot time.
        _streams[streamId].snapshotTime = uint40(block.timestamp);

        // Effect: set the new rate per second.
        _streams[streamId].ratePerSecond = newRatePerSecond;
    }

Impact

The sender can change the rps multiple times within the same block.

Recommendations

Add a time check to prevent multiple updates of the rps in the same block.
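
An added Python model of the quoted `_adjustRatePerSecond` logic (not part of the submission and not Sablier's code), showing what the snapshot fields do when the rate is changed several times at one timestamp and then again later. It assumes `_ongoingDebtScaledOf`, which the page does not show, returns the current rate multiplied by the seconds elapsed since `snapshotTime`; all Python names and sample values are constructed.

```python
from dataclasses import dataclass

@dataclass
class Stream:
    rate_per_second: int       # scaled tokens per second (stands in for UD21x18)
    snapshot_debt_scaled: int  # debt accrued up to snapshot_time
    snapshot_time: int         # timestamp of the last snapshot

class RateNotDifferent(Exception):
    """Stands in for Errors.SablierFlow_RatePerSecondNotDifferent."""

def ongoing_debt_scaled(s: Stream, now: int) -> int:
    # Assumption (helper not shown on the page): rate * seconds since snapshot.
    return s.rate_per_second * (now - s.snapshot_time)

def total_debt_scaled(s: Stream, now: int) -> int:
    return s.snapshot_debt_scaled + ongoing_debt_scaled(s, now)

def adjust_rate_per_second(s: Stream, new_rate: int, now: int) -> None:
    # Mirrors the checks and effects of the quoted _adjustRatePerSecond.
    if new_rate == s.rate_per_second:
        raise RateNotDifferent(new_rate)
    ongoing = ongoing_debt_scaled(s, now)
    if ongoing > 0:
        s.snapshot_debt_scaled += ongoing
    s.snapshot_time = now
    s.rate_per_second = new_rate

def replay(adjustments, start_rate=10, start_time=1_000):
    """Apply (timestamp, new_rate) pairs; return the stream and total debt after each call."""
    s = Stream(start_rate, 0, start_time)
    debts = []
    for now, rate in adjustments:
        adjust_rate_per_second(s, rate, now)
        debts.append(total_debt_scaled(s, now))
    return s, debts

# Constructed sample: three adjustments at one timestamp (same block), one 60 s later.
SAMPLE = [(1_100, 50), (1_100, 1), (1_100, 20), (1_160, 5)]

if __name__ == "__main__":
    stream, debts = replay(SAMPLE)
    print(debts)   # total debt after each adjustment
    print(stream)  # final snapshot fields
```

Under the stated assumption, the second and third same-timestamp calls see zero elapsed time, so they leave the snapshot debt untouched and only the last rate set at that timestamp accrues afterwards.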

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
