Flow

Sablier
FoundryDeFi
20,000 USDC
View results
Submission Details
Severity: medium
Invalid

Fee on transfer tokens not supported in Flow

Summary

In the _deposit function, the amount added in deposit could be less than the actual amount gotten from the token.transferFrom which could lead to a discrepancy between _streams[streamId].balance and actual value transferred to the Flow contract.

Vulnerability Details

In the _deposit function as seen at https://github.com/Cyfrin/2024-10-sablier/blob/main/src/SablierFlow.sol#L624

// Effect: update the stream balance.
_streams[streamId].balance += amount;
unchecked {
// Effect: update the aggregate balance.
aggregateBalance[token] += amount;
}
// Interaction: transfer the amount.
token.safeTransferFrom({ from: msg.sender, to: address(this), value: amount });

We can see the amount added to _streams[streamId].balance is the amount intended to be deposit, but token.safeTransferFrom({ from: msg.sender, to: address(this), value: amount }); could send a different value due to fee on transfer weird tokens, so that transferAmount <= amount

Impact

This could lead to accrued debt on protocol and DOS when user intend to withdraw, for example withdrawMax could fail and value gotten from stream could always be smaller than intended amount.

Tools Used

Manual Review

Recommendations

check the amount gotten through transferFrom, with either

  • check balanceOf token before transfer and balanceAfter, to get the actual amount gotten and add it to the _streams[streamId].balance

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.