StreamFactory.sol: Fee-on-transfer tokens not supported in "createAndFundStream" function
Summary
The StreamFactory.createAndFundStream function allows to create a stream with a tokenAmount and fund it with this tokenAmount.
This does not work correctly for fee-on-transfer tokens.
Vulnerability Detail
For a fee-on-transfer tokens, the amount received by the stream contract is not equal to the tokenAmount.
The Stream should be created with a token amount that is equal to the amount that is received by the stream after the transfer.
Impact
The tokens sent to the Stream will not be sufficient to pay the recipient.
Calculate the predicted stream address.
Calculate the difference in the balance of the stream address before and after the token transfer.
Create the stream with this calculated token amount.
HollaDieWaldfee
medium
StreamFactory.sol: Fee-on-transfer tokens not supported in "createAndFundStream" function
Summary
The
StreamFactory.createAndFundStreamfunction allows to create a stream with atokenAmountand fund it with thistokenAmount. This does not work correctly for fee-on-transfer tokens.Vulnerability Detail
For a fee-on-transfer tokens, the amount received by the stream contract is not equal to the
tokenAmount. TheStreamshould be created with a token amount that is equal to the amount that is received by the stream after the transfer.Impact
The tokens sent to the
Streamwill not be sufficient to pay the recipient.Code Snippet
https://github.com/sherlock-audit/2022-11-nounsdao/blob/main/src/StreamFactory.sol#L111-L121
Tool used
Manual Review
Recommendation
Calculate the predicted stream address. Calculate the difference in the balance of the stream address before and after the token transfer. Create the stream with this calculated token amount.