In SablierFlow.sol, debt management functions such as _coveredDebtOf, _uncoveredDebtOf, and _ongoingDebtScaledOf rely on snapshot times and rates, which may not cover edge cases. This setup could allow an attacker to manipulate debt calculations by timing updates to reduce debt obligations.
Debt functions depend on snapshot times for calculating solvency, potentially allowing an attacker to avoid full debt payments by delaying updates:
An attacker could exploit this by creating a stream with specific timing conditions, then delaying snapshot updates to reduce or evade debt obligations.
Debt manipulation could lead to:
Reduced or avoided debt for malicious users, compromising protocol integrity.
Financial discrepancies, affecting users and the protocol’s solvency calculations.
Manual code review
Introduce stricter checks on snapshot times and rate updates to prevent manipulation, ensuring debt calculations remain accurate.