rescueERC20() is not safe for tokens with multiple addresses
Summary
The function rescueERC20() did not follow the best practice and it does not protect the streaming token from being swept by the payer.
Vulnerability Detail
Some ERC20 tokens have multiple addresses and a comparison of the token address is not enough to protect the streaming token from being rescued. (Explained here).
function rescueERC20(address tokenAddress, uint256 amount) external onlyPayer {
if (tokenAddress == address(token())) revert CannotRescueStreamToken(); //@audit not enough protection
IERC20(tokenAddress).safeTransfer(msg.sender, amount);
}
Impact
The payer can sweep the token that is required for commitment to recipient.
hansfriese
medium
rescueERC20() is not safe for tokens with multiple addresses
Summary
The function
rescueERC20()did not follow the best practice and it does not protect the streaming token from being swept by the payer.Vulnerability Detail
Some ERC20 tokens have multiple addresses and a comparison of the token address is not enough to protect the streaming token from being rescued. (Explained here).
Impact
The payer can sweep the token that is required for commitment to recipient.
Code Snippet
https://github.com/sherlock-audit/2022-11-nounsdao/blob/main/src/StreamFactory.sol#L268
Tool used
Manual Review
Recommendation
Check the before/after balances of the protocol for the streaming token instead of comparing the token address.
Duplicate of #52