Flow

Sablier

FoundryDeFi

20,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Incorrect Debt-Balance Comparison Logic in `depletionTimeOf`

0xbeastboy

Summary

The depletionTimeOf function in the SablierFlow contract has a discrepancy between the interface comment and the actual implementation. The interface specifies that the function should return 0 if the total debt is less than or equal to the stream balance. However, the implementation checks for the condition where the total debt is greater than or equal to the stream balance plus one minimum transferable unit (oneMVTScaled). This misalignment can lead to unexpected behavior and impact the reliability of the depletion logic.

Vulnerability Details

The interface comment for depletionTimeOf states:

"Return 0 if the total debt is less than or equal to the stream balance."

The function implementation, however, uses the condition:

if (snapshotDebtScaled + _ongoingDebtScaledOf(streamId) >= balanceScaled + oneMVTScaled) {

return 0;

}

This condition returns 0 if the total debt is greater than or equal to the balance plus oneMVTScaled, rather than when the total debt is less than or equal to the balance as the interface suggests.

The expected behavior, according to the interface, is:

if (snapshotDebtScaled + _ongoingDebtScaledOf(streamId) <= balanceScaled) {

return 0;

}

This corrected logic would ensure that the function returns 0 precisely when the total debt is less than or equal to the stream balance, which is what the interface describes.

The misalignment appears to result from a misunderstanding or misapplication of the comparison logic. The current check implies that the function intends to detect scenarios where the debt has surpassed the balance by at least one minimum unit (oneMVTScaled). This behavior deviates from the stated intention to return 0 as long as the debt does not exceed the balance.

Impact

If the total debt is exactly equal to the balance (without exceeding it), the function should return 0, indicating no depletion. Instead, it currently calculates a depletion time even when the debt matches the balance, which could lead to unintended depletion processing.

Given the discrepancy between documentation and behavior, users might experience confusion when depletionTimeOf does not function as documented. This could reduce trust in the contract’s transparency and reliability, especially when balances are marginal.

Contracts or applications relying on depletionTimeOf for precise financial calculations or time-bound logic might malfunction in edge cases where the debt equals the balance. If the function incorrectly returns a depletion time rather than 0, it may trigger unintended outcomes, such as early termination of streams, incorrect accounting, or erroneous fund distribution.

Tools Used

Manual Review

Recommendations

Update the conditional logic in depletionTimeOf to match the interface comment.

Updates

Lead Judging Commences

inallhonesty Lead Judge

10 months ago

inallhonesty Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Appeal created

0xbeastboy Submitter

9 months ago

inallhonesty Lead Judge

9 months ago

inallhonesty Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

699

29 USDC / LOC

High Medium

19,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.