Withdraw and Cancel time can be circumvented via _recipientBalance()
Summary
The recipient's balance is calculated from the startTime() of the stream, the total amount of tokens to be streamed, and the rate at which tokens are streamed. If the current block's timestamp is before the start time of the stream, the balance is 0. If the current block's timestamp is after the stop time of the stream, the balance is the total amount of tokens to be streamed. Otherwise, the balance is calculated by multiplying the elapsed time by the rate per second and dividing by a rate multiplier. Finally, the function accounts for any previous withdrawals by subtracting them from the balance.
Vulnerability Detail
If it is possible for someone to call a function that changes the time period used by elapsedTime() and _recipientBalance(), an attacker can call that function to shorten the time period and then immediately withdraw funds that should still be locked.
Impact
Summary
Code Snippet
- If the current block time is less than the start time, it returns 0.
- If the current block time is greater than the stop time, it returns the full token amount.
- Otherwise, it calculates the elapsed time between the start time and the current block time.
- It then multiplies the elapsed time by the rate per second.
- It divides the result by the rate multiplier to get the streamed amount.
- Finally, it subtracts any amount already withdrawn to get the recipient's balance.
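The following is an added Python model of the balance logic described above; it is not the project's own Solidity code. The names Stream, make_stream, recipient_balance, withdraw and balance_after_start_shift, and the RATE_MULTIPLIER scaling factor, are assumptions made for the example. It walks through the three branches (before start, mid-stream, after stop), the withdrawal subtraction, and the scenario the finding hypothesises: if some function could move the stream's start time, the recipient's withdrawable balance changes at the same block.

```python
from dataclasses import dataclass

# Assumed fixed-point scaling factor for rate_per_second (illustrative, not the project's constant).
RATE_MULTIPLIER = 10**18


@dataclass
class Stream:
    start_time: int       # block timestamp at which streaming begins
    stop_time: int        # block timestamp at which the full deposit is streamed
    deposit: int          # total tokens to be streamed
    rate_per_second: int  # deposit scaled by RATE_MULTIPLIER, per second of duration
    withdrawn: int = 0    # cumulative amount the recipient has already withdrawn


def make_stream(start_time: int, stop_time: int, deposit: int) -> Stream:
    """Create a stream whose rate streams the whole deposit over [start_time, stop_time)."""
    duration = stop_time - start_time
    if duration <= 0:
        raise ValueError("stop_time must be after start_time")
    return Stream(start_time, stop_time, deposit, deposit * RATE_MULTIPLIER // duration)


def recipient_balance(s: Stream, now: int) -> int:
    """Model of _recipientBalance(): streamed-so-far minus what was already withdrawn."""
    if now < s.start_time:
        streamed = 0                                   # stream has not started
    elif now >= s.stop_time:
        streamed = s.deposit                           # stream fully vested
    else:
        elapsed = now - s.start_time                   # model of elapsedTime()
        streamed = elapsed * s.rate_per_second // RATE_MULTIPLIER
    return streamed - s.withdrawn


def withdraw(s: Stream, now: int, amount: int) -> int:
    """Withdraw up to the streamed balance; returns the balance remaining afterwards."""
    balance = recipient_balance(s, now)
    if amount > balance:
        raise ValueError("amount exceeds streamed balance")
    s.withdrawn += amount
    return balance - amount


def balance_after_start_shift(s: Stream, now: int, new_start: int) -> tuple[int, int]:
    """Hypothetical scenario from the finding: if the stream's start time could be moved,
    how does the balance at the same block change? Returns (before, after) without
    mutating the original stream."""
    before = recipient_balance(s, now)
    shifted = Stream(new_start, s.stop_time, s.deposit, s.rate_per_second, s.withdrawn)
    return before, recipient_balance(shifted, now)


if __name__ == "__main__":
    # Constructed sample stream: 1,000,000 tokens over 1000 seconds.
    stream = make_stream(start_time=1000, stop_time=2000, deposit=1_000_000)
    print("before start:", recipient_balance(stream, 999))
    print("halfway:     ", recipient_balance(stream, 1500))
    print("after stop:  ", recipient_balance(stream, 2000))
    withdraw(stream, 1500, 200_000)
    print("after withdrawing 200_000 at t=1600:", recipient_balance(stream, 1600))
    print("start moved 1000 -> 800 at t=1600 (before, after):",
          balance_after_start_shift(stream, 1600, 800))
```

Each branch is a pure function of the stream's timestamps, so any path that rewrites start_time or stop_time changes what the recipient can withdraw in the very next transaction; that is the property the finding relies on.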
Author: yongkiws
Severity: medium
Tool used
Manual Review
Recommendation
The unlock timestamp should be extended by the duration each time, rather than being reset to the duration.