rescueERC20() Recover ERC20 tokens accidentally sent to this stream. but can't recover stream's payment token
so if stream's payment token accidentally sent more then tokenAmount() , only get token back by call #cacel() and need wait time out.
It is suggested that you can get the extra amount back.
Vulnerability Detail
can't recover stream's payment token
function rescueERC20(address tokenAddress, uint256 amount) external onlyPayer {
if (tokenAddress == address(token())) revert CannotRescueStreamToken();
IERC20(tokenAddress).safeTransfer(msg.sender, amount);
}
Impact
if pay more, get token back by call #cacel() and need wait time out.
bin2chen
low
rescueERC20() restriction problem
Summary
rescueERC20() Recover ERC20 tokens accidentally sent to this stream. but can't recover stream's payment token
so if stream's payment token accidentally sent more then tokenAmount() , only get token back by call #cacel() and need wait time out. It is suggested that you can get the extra amount back.
Vulnerability Detail
can't recover stream's payment token
Impact
if pay more, get token back by call #cacel() and need wait time out.
Code Snippet
https://github.com/sherlock-audit/2022-11-nounsdao/blob/main/src/Stream.sol#L269
Tool used
Manual Review
Recommendation
can get the extra amount back.