When the tokens sent by the payer to the stream are greater than tokenAmount, the excess tokens can only be withdrawn by calling cancel()
Summary
The rescueERC20 function can only be used to withdraw tokens other than token() in the contract. When the token sent by the payer to the stream is greater than tokenAmount, the excess token can only be withdrawn by calling cancel()
Vulnerability Detail
The maximum number of tokens vested to the recipient in the contract is tokenAmount(). If the number of tokens sent by the payer to the contract is greater than tokenAmount(), the excess tokens cannot be withdrawn by the rescueERC20(), and the payer can only withdraw the excess tokens by calling cancel()
Impact
When the token sent by the payer to the stream is greater than tokenAmount, the excess token can only be withdrawn by calling cancel().
cccz
medium
When the tokens sent by the payer to the stream are greater than tokenAmount, the excess tokens can only be withdrawn by calling cancel()
Summary
The rescueERC20 function can only be used to withdraw tokens other than token() in the contract. When the token sent by the payer to the stream is greater than tokenAmount, the excess token can only be withdrawn by calling cancel()
Vulnerability Detail
The maximum number of tokens vested to the recipient in the contract is tokenAmount(). If the number of tokens sent by the payer to the contract is greater than tokenAmount(), the excess tokens cannot be withdrawn by the rescueERC20(), and the payer can only withdraw the excess tokens by calling cancel()
Impact
When the token sent by the payer to the stream is greater than tokenAmount, the excess token can only be withdrawn by calling cancel().
Code Snippet
https://github.com/sherlock-audit/2022-11-nounsdao/blob/main/src/Stream.sol#L268-L272 https://github.com/sherlock-audit/2022-11-nounsdao/blob/main/src/Stream.sol#L237-L259
Tool used
Manual Review
Recommendation
Consider allowing rescueERC20 to withdraw the excess token()
Duplicate of #28