The Stream.claimFees function ensures that neither the depositToken nor the rewardToken balance has decreased.
It's enough to check that the token (parameter) has not decreased as the token is the only funds that are transferred out and all other functions of this contract are locked, i.e., there's no way to do a second .transfer out.
0xean
commented
2 years ago
Handle
cmichel
Vulnerability details
The
Stream.claimFeesfunction ensures that neither thedepositTokennor therewardTokenbalance has decreased. It's enough to check that thetoken(parameter) has not decreased as thetokenis the only funds that are transferred out and all other functions of this contract arelocked, i.e., there's no way to do a second.transferout.