The Stream.claimFees function ensures that neither the depositToken nor the rewardToken balance has decreased.
It's enough to check that the token (parameter) has not decreased as the token is the only funds that are transferred out and all other functions of this contract are locked, i.e., there's no way to do a second .transfer out.
Handle
cmichel
Vulnerability details
The
Stream.claimFees
function ensures that neither thedepositToken
nor therewardToken
balance has decreased. It's enough to check that thetoken
(parameter) has not decreased as thetoken
is the only funds that are transferred out and all other functions of this contract arelock
ed, i.e., there's no way to do a second.transfer
out.