Handle
pedroais
Vulnerability details
Impact
If the stream is a sale, the recover tokens function won't work.
Proof of Concept
Context: The recover tokens function uses balance - (depositTokenAmount - redeemedDepositTokens) to compute the excess deposit tokens. redeemedDepositTokens keeps track of the tokens that were redeemed using the claimDepositTokens function.
https://github.com/code-423n4/2021-11-streaming/blob/56d81204a00fc949d29ddd277169690318b36821/Streaming/src/Locke.sol#L654
Problem: If the stream is a sale, the tokens are redeemed using creatorClaimSoldTokens and redeemedDepositTokens won't be updated.
Consequence: If the stream is a sale, redeemedDepositTokens will be 0. The function will become unusable because once tokens are claimed (with the function to claim sales) the contract's balance will decrease. As a result, ERC20(token).balanceOf(address(this)) - (depositTokenAmount - 0) will revert and the excess tokens will be locked.
Tools Used
Manual
Recommended Mitigation Steps
Update redeemedDepositTokens in creatorClaimSoldTokens.
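The accounting described above can be reproduced with a small Python model (an added example, not code from the report or from Locke.sol). It emulates Solidity 0.8 checked subtraction; the class, the method names, the token amounts and the assumption that the creator claims the full deposited amount are all constructed for illustration.

```python
class Revert(Exception):
    """Stands in for a Solidity 0.8 checked-arithmetic revert."""

def checked_sub(a, b):
    # Solidity >=0.8 reverts on unsigned underflow instead of wrapping.
    if b > a:
        raise Revert("underflow")
    return a - b

class StreamModel:
    """Toy model of the deposit-token accounting (assumed, simplified)."""
    def __init__(self, fixed=False):
        self.fixed = fixed                # apply the recommended mitigation?
        self.balance = 0                  # ERC20(token).balanceOf(address(this))
        self.deposit_token_amount = 0     # depositTokenAmount
        self.redeemed_deposit_tokens = 0  # redeemedDepositTokens

    def deposit(self, amount):
        self.balance += amount
        self.deposit_token_amount += amount

    def stray_transfer(self, amount):
        # Tokens sent to the contract outside deposit(): the recoverable excess.
        self.balance += amount

    def claim_deposit_tokens(self, amount):    # non-sale redemption path
        self.balance = checked_sub(self.balance, amount)
        self.redeemed_deposit_tokens += amount

    def creator_claim_sold_tokens(self):       # sale redemption path
        amount = self.deposit_token_amount     # assumption: creator takes all deposits
        self.balance = checked_sub(self.balance, amount)
        if self.fixed:                         # mitigation: record the redemption
            self.redeemed_deposit_tokens += amount

    def recover_tokens(self):
        owed = checked_sub(self.deposit_token_amount, self.redeemed_deposit_tokens)
        excess = checked_sub(self.balance, owed)   # reverts when owed > balance
        self.balance -= excess
        return excess

def run(is_sale, fixed=False, deposited=100, stray=10):
    """Deposit, add stray tokens, redeem via the chosen path, then recover."""
    s = StreamModel(fixed)
    s.deposit(deposited)
    s.stray_transfer(stray)
    if is_sale:
        s.creator_claim_sold_tokens()
    else:
        s.claim_deposit_tokens(deposited)
    return s.recover_tokens()
```

In the sale case without the mitigation, the balance is 10 while the contract still believes it owes 100, so the subtraction reverts and the 10 stray tokens cannot be recovered.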