Flow

Sablier
Foundry, DeFi
20,000 USDC
Submission Details
Severity: high
Invalid

Integer Underflow/Overflow Risks in Balance Management

Description

Location: src/SablierFlow.sol

The contract performs arithmetic operations on balances and amounts without consistently checking for potential underflows or overflows, especially in cases where unchecked blocks are used.

Code:

// Safe to use unchecked because at this point, the amount cannot exceed the balance.
unchecked {
    // Effect: update the stream balance.
    _streams[streamId].balance -= amount;
    // Effect: update the aggregate balance.
    aggregateBalance[token] -= amount;
}

While the comment notes that it's safe to use unchecked, any errors in earlier logic or unforeseen circumstances could cause these operations to underflow, particularly if external calls manipulate state in unexpected ways.

Impact

If an underflow occurs, balances could wrap around to a very large number, potentially leading to incorrect balances and unauthorized withdrawals.

Recommendation

  • Avoid unchecked Unless Necessary: Remove unchecked blocks unless absolutely certain that underflows cannot occur.

  • Use SafeMath for Critical Arithmetic: Although Solidity 0.8+ has built-in overflow checks, explicitly ensuring safety in critical operations is prudent.

Replace the unchecked block with normal arithmetic, which will revert on underflow.

// Update the stream balance.
_streams[streamId].balance -= amount;
// Update the aggregate balance.
aggregateBalance[token] -= amount;

Ensure that all arithmetic operations are safe and cannot underflow or overflow.
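
The three cases this report turns on, side by side, as an added Solidity example that is not part of the submission and is not SablierFlow code: an unchecked subtraction behind a guard, the checked form the recommendation asks for, and an unchecked subtraction with no guard. The contract, its function names, the error, and the uint128 balance type are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; every name in this contract is hypothetical.
contract UncheckedDemo {
    error Overdraw(uint128 balance, uint128 amount);

    // Assumed balance type; the report does not state the width.
    mapping(uint256 => uint128) public balanceOf;

    function fund(uint256 id, uint128 amount) external {
        balanceOf[id] += amount; // checked: reverts on overflow
    }

    // Guard first, then unchecked: the guard establishes amount <= bal,
    // so the subtraction below cannot wrap. The safety of the unchecked
    // block depends entirely on this guard staying in place.
    function withdrawGuarded(uint256 id, uint128 amount) external {
        uint128 bal = balanceOf[id];
        if (amount > bal) revert Overdraw(bal, amount);
        unchecked {
            balanceOf[id] = bal - amount;
        }
    }

    // Checked form: default 0.8 arithmetic reverts with Panic(0x11)
    // when amount > balance, with no explicit guard.
    function withdrawChecked(uint256 id, uint128 amount) external {
        balanceOf[id] -= amount;
    }

    // Failure mode: unchecked with no guard. Withdrawing 1 from a zero
    // balance stores type(uint128).max instead of reverting.
    function withdrawUnguarded(uint256 id, uint128 amount) external {
        unchecked {
            balanceOf[id] -= amount;
        }
    }
}
```

A finding against an unchecked block has to show which of these cases the reviewed code falls into, by tracing the check that precedes the block and naming a call path that reaches it without that check.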

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Too generic
