search

sherlock-audit / 2022-11-nounsdao-judging

4 stars 0 forks source link

bin2chen - rescueERC20() restriction problem #2

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

bin2chen

low

rescueERC20() restriction problem

Summary

rescueERC20() Recover ERC20 tokens accidentally sent to this stream. but can't recover stream's payment token

so if stream's payment token accidentally sent more then tokenAmount() , only get token back by call #cacel() and need wait time out. It is suggested that you can get the extra amount back.

Vulnerability Detail

can't recover stream's payment token 

    function rescueERC20(address tokenAddress, uint256 amount) external onlyPayer {
        if (tokenAddress == address(token())) revert CannotRescueStreamToken();

        IERC20(tokenAddress).safeTransfer(msg.sender, amount);
    }

Impact

if pay more, get token back by call #cacel() and need wait time out.

Code Snippet

https://github.com/sherlock-audit/2022-11-nounsdao/blob/main/src/Stream.sol#L269

Tool used

Manual Review

Recommendation

can get the extra amount back.

    function rescueERC20(address tokenAddress, uint256 amount) external onlyPayer {
-       if (tokenAddress == address(token())) revert CannotRescueStreamToken();

+       if (tokenAddress == address(token()) && tokenBalance() - amount < remainingBalance) revert CannotRescueStreamToken();

        IERC20(tokenAddress).safeTransfer(msg.sender, amount);
    }