Closed chasebrownn closed 6 months ago
I actually don't believe this to be the case. I'm assuming by "misbehave" you're referring to the potential of those assets never being accessed since whenever we iterate over claimable revenue we skip the first element in cycles
, but If there's a deposit at the same time that the contract is initialized, the contract would still push another cycle into the cycles array since revenue[timestamp] == 0. There's actually a test case for this in RevenueStreamETH.t.sol:test_revStreamETH_depositETH
RSE-01M: Deployment Deposit Flaw
Description:
The
RevenueStreamETH
contract will significantly misbehave if a deposit is made after it has been initialized.Impact:
The likelihood of this vulnerability manifesting is low, however, it is something we advise be rectified.
Example:
Recommendation:
We advise the code to push a cycle different than the current
block.timestamp
, ensuring that theRevenueStreamETH::depositETH
function will behave as expected regardless of the time it is invoked in.