Flow

Sablier
FoundryDeFi
20,000 USDC
Submission Details
Severity: medium
Invalid

Unbounded Rate Adjustment in adjustRatePerSecond Function

Summary

https://github.com/Cyfrin/2024-10-sablier/blob/main/src/SablierFlow.sol

In the adjustRatePerSecond function, the newRatePerSecond parameter can be set to any value; no bounds are enforced. Unbounded adjustments could lead to a range of issues, including overflows, underflows, or calculations that yield impractically large or small values. Since ratePerSecond is likely central to the flow’s debt and balance calculations, an extreme rate may cause significant inaccuracies or disrupt the flow’s intended behavior.

Vulnerability Details

Impact

If the ratePerSecond is set to an unreasonably high or low value:

  • Overflow/Underflow: An excessively high rate could cause overflows in related calculations, potentially leading to corrupted balances.

  • Economic Loss: A very low rate could affect the integrity of the debt-tracking mechanism, leading to lost or misallocated funds.

  • Gas Inefficiency: If ratePerSecond impacts functions that run multiple iterations based on the rate, an unbounded rate could increase gas costs substantially, making interactions impractical.

Tools Used

Recommendations

Bounds Check: Implement upper and lower limits for newRatePerSecond to ensure it remains within a safe, expected range. Define MAX_RATE and MIN_RATE constants based on typical usage patterns and the economic assumptions of your protocol.

require(newRatePerSecond >= MIN_RATE && newRatePerSecond <= MAX_RATE, "Invalid rate per second");

Overflow Protection: If newRatePerSecond directly impacts calculations, consider using safe math libraries or custom overflow checks in functions relying on the rate to prevent runtime errors.
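As an added example (not Sablier's code and not part of this submission), a minimal stream contract applying both recommendations above: a bounded adjustRatePerSecond with a custom error, and a debt accrual whose operand widths are chosen so the product fits uint128 by construction. The contract name, storage layout, and the MIN_RATE/MAX_RATE values are assumed placeholders to be tuned per protocol.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.22;
/// Illustrative stream contract written for this note; not Sablier's code.
/// It applies both recommendations above: a bounded rate setter, and operand
/// sizing so the debt product cannot exceed uint128.
contract BoundedRateStream {
    /// Assumed bounds (placeholders, tune per protocol): 1 wei/s up to 1e24 wei/s,
    /// i.e. one million 18-decimal tokens per second.
    uint128 public constant MIN_RATE = 1;
    uint128 public constant MAX_RATE = 1e24;
    error RateOutOfBounds(uint128 newRatePerSecond, uint128 minRate, uint128 maxRate);
    error Unauthorized(address caller);
    event RateAdjusted(uint128 oldRate, uint128 newRate);

    address public immutable sender;
    uint128 public ratePerSecond;
    uint128 public snapshotDebt; // debt settled up to snapshotTime
    uint40 public snapshotTime;

    constructor(uint128 initialRate) {
        sender = msg.sender;
        snapshotTime = uint40(block.timestamp);
        _setRate(initialRate);
    }

    /// Debt accrued since the last snapshot. With ratePerSecond <= MAX_RATE
    /// (1e24 < 2^80) and elapsed < 2^40, the product stays below 2^120 and
    /// fits uint128 by construction rather than by relying on a revert.
    function ongoingDebt() public view returns (uint128) {
        uint128 elapsed = uint128(block.timestamp - snapshotTime);
        return ratePerSecond * elapsed;
    }

    function adjustRatePerSecond(uint128 newRatePerSecond) external {
        if (msg.sender != sender) revert Unauthorized(msg.sender);
        // Settle debt at the old rate before switching; checked arithmetic
        // (Solidity >= 0.8) reverts instead of wrapping if the sum overflows.
        snapshotDebt += ongoingDebt();
        snapshotTime = uint40(block.timestamp);
        uint128 oldRate = ratePerSecond;
        _setRate(newRatePerSecond);
        emit RateAdjusted(oldRate, newRatePerSecond);
    }

    function _setRate(uint128 newRatePerSecond) internal {
        if (newRatePerSecond < MIN_RATE || newRatePerSecond > MAX_RATE) {
            revert RateOutOfBounds(newRatePerSecond, MIN_RATE, MAX_RATE);
        }
        ratePerSecond = newRatePerSecond;
    }
}
```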

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
