include `sender` and `recipient` in deposit

sablier-labs / flow

🍃 Smart contracts of the Sablier Flow protocol.

Other

8 stars 0 forks source link

include `sender` and `recipient` in deposit #300

Closed smol-ninja closed 2 days ago

smol-ninja commented 6 days ago

As per Cantina finding 7, deposits are susceptible of reorg attacks. Thus, include sender and recipient in deposit's input parameters. This would avoid stealing funds from depositors during chain re-orgs.

andreivladbrg commented 4 days ago

update on this: token should also be included

should we have a bytes param instead of 3 separate params? which would decoded into:

(address sender, address recipient, address token) = abi.decode(data, (address, address, address));

smol-ninja commented 4 days ago

umm I think you may have missed this conversation on Slack.

andreivladbrg commented 4 days ago

yes, i have