Potential for Idle Funds: Since the Function _create, doesn’t account for any pre-existing streamed tokens.
Summary
The Create function on SablierFlow.sol, doesn’t checks whether the entire streamed amount has been withdrawn from the stream this can lead to the remaining balance becomes locked.
Vulnerability Details
The function _create, doesn't checks whether the entire streamed amount has been withdrawn from the stream before updating the stream states in the contract.
Since the Sender has the ability to change rps, pause, restart, void and refund from the stream. Sender can also withdraw from the stream as long as the to address is set to the receiver and claim back the un-streamed amount. But streamed balance upto the elapsed time can still be claimed by the receiver.
It is rare to happen but imagine in a scenario where a sender has multiple payments or just a single payment and he or she forgot to claim back even after fully paid the debt the funds maybe locked, we should not assume that the sender is up to his or her task.
Impact
No way to recover the "orphaned" balance
Tools Used
manual
Recommendations
Check if there's any remaining balance
Ensure all funds are withdrawn or handled
Only then allow state updates
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.