Fee on transfer tokens not supported in Flow
Summary
In the _deposit function, the amount added in deposit could be less than the actual amount gotten from the token.transferFrom which could lead to a discrepancy between _streams[streamId].balance and actual value transferred to the Flow contract.
Vulnerability Details
In the _deposit function as seen at https://github.com/Cyfrin/2024-10-sablier/blob/main/src/SablierFlow.sol#L624
We can see the amount added to _streams[streamId].balance is the amount intended to be deposit, but token.safeTransferFrom({ from: msg.sender, to: address(this), value: amount }); could send a different value due to fee on transfer weird tokens, so that transferAmount <= amount
Impact
This could lead to accrued debt on protocol and DOS when user intend to withdraw, for example withdrawMax could fail and value gotten from stream could always be smaller than intended amount.
Tools Used
Manual Review
Recommendations
check the amount gotten through transferFrom, with either
check balanceOf token before transfer and balanceAfter, to get the actual amount gotten and add it to the _streams[streamId].balance
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.