include `sender` and `recipient` in deposit

sablier-labs / flow

🍃 Smart contracts of the Sablier Flow protocol.

Other

10 stars 2 forks source link

include `sender` and `recipient` in deposit #300

Closed smol-ninja closed 1 month ago

smol-ninja commented 1 month ago

As per Cantina finding 7, deposits are susceptible of reorg attacks. Thus, include sender and recipient in deposit's input parameters. This would avoid stealing funds from depositors during chain re-orgs.

andreivladbrg commented 1 month ago

update on this: token should also be included

should we have a bytes param instead of 3 separate params? which would decoded into:

(address sender, address recipient, address token) = abi.decode(data, (address, address, address));

smol-ninja commented 1 month ago

umm I think you may have missed this conversation on Slack.

andreivladbrg commented 1 month ago

yes, i have