Flow

Sablier
Foundry, DeFi
20,000 USDC
Submission Details
Severity: medium
Invalid

Arbitrary voiding of stream affects several flow NFT use cases

Summary

The stream recipient might need to keep the stream solvent via deposit to sell the NFT; the stream sender can unknowingly/maliciously void it to the direct detriment of the stream recipient.

Vulnerability Details

The stream recipient might need to sell the stream NFT with solvency (to remain attractive) or use it as collateral based on a pre-agreed balance, and the stream sender can arbitrarily impede this by calling `void`, which forfeits all uncovered debt.

Impact

In the Sablier docs, under use cases, there are situations where streams can be used as collateral, and the buyer might need to increase the value of their collateral by deposits, which are impossible when the stream is voided. Leaving an insolvent stream running does nothing to the sender, but voiding it only affects the recipient.

`Deposits cannot be made on voided streams`

```solidity
function deposit(
    uint256 streamId,
    uint128 amount,
    address sender,
    address recipient
)
    external
    override
    noDelegateCall
    notNull(streamId)
    notVoided(streamId) // deposits are rejected once the stream is voided
```

Tools Used

Manual Review

Recommendations

Sender should not be able to singularly void the stream, as it only affects the recipient.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
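
A simplified accounting model of the behaviour the submission describes (voiding forfeits the uncovered debt, and a voided stream rejects deposits), added here as an example; it is not Sablier's contract code and not part of the original submission. The class, field and method names are assumptions chosen for illustration.

```python
# Simplified accounting model of a Flow-style stream (constructed for illustration;
# names are assumptions, not Sablier's contract code).
from dataclasses import dataclass

class StreamVoided(Exception):
    """Raised when an operation is attempted on a voided stream."""

@dataclass
class Stream:
    rate_per_second: int      # tokens owed to the recipient per second
    balance: int = 0          # tokens deposited and not yet withdrawn
    snapshot_debt: int = 0    # debt fixed at the last snapshot
    snapshot_time: int = 0
    voided: bool = False

    def total_debt(self, now: int) -> int:
        return self.snapshot_debt + self.rate_per_second * (now - self.snapshot_time)

    def uncovered_debt(self, now: int) -> int:
        # Part of the debt the balance cannot pay; the stream is insolvent if > 0.
        return max(0, self.total_debt(now) - self.balance)

    def deposit(self, amount: int) -> None:
        # Mirrors the notVoided guard on deposit() quoted in the submission.
        if self.voided:
            raise StreamVoided("deposits cannot be made on voided streams")
        self.balance += amount

    def void(self, now: int) -> int:
        """Stop the stream and return the uncovered debt that is forfeited."""
        forfeited = self.uncovered_debt(now)
        self.snapshot_debt = min(self.total_debt(now), self.balance)
        self.snapshot_time = now
        self.rate_per_second = 0
        self.voided = True
        return forfeited

def scenario() -> dict:
    s = Stream(rate_per_second=10)
    s.deposit(500)                       # covers the first 50 seconds
    before = s.uncovered_debt(now=80)    # 800 owed minus 500 held
    forfeited = s.void(now=80)
    try:
        s.deposit(300)                   # a top-up after the void is rejected
        topped_up = True
    except StreamVoided:
        topped_up = False
    return {"before": before, "forfeited": forfeited,
            "after": s.uncovered_debt(now=200), "topped_up": topped_up}
```
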
