Closed code423n4 closed 2 years ago
hubble
Value of unstreamed public variable is not correct after stream depositor withdraws an amount before end of the stream.
File :Locke.sol Contract / Function : Stream / withdraw Line : 469 totalVirtualBalance -= virtualBal; depositTokenAmount -= amount;
Manual review
Add a line to update the value of unstreamed like below
File :Locke.sol Contract / Function : Stream / withdraw Line : 469
totalVirtualBalance -= virtualBal; depositTokenAmount -= amount; unstreamed -= amount;
dupe of #118
0xean
commented
2 years ago 0xean
commented
2 years ago
Handle
hubble
Vulnerability details
Impact
Value of unstreamed public variable is not correct after stream depositor withdraws an amount before end of the stream.
Proof of Concept
File :Locke.sol Contract / Function : Stream / withdraw Line : 469 totalVirtualBalance -= virtualBal; depositTokenAmount -= amount;
Tools Used
Manual review
Recommended Mitigation Steps
Add a line to update the value of unstreamed like below
File :Locke.sol Contract / Function : Stream / withdraw Line : 469