The rather harsh requirement of tokenAmount makes it inapplicable for certain tokens
Summary
The requirements for tokenAmount >= stopTime - startTime will not be suitable for all tokens and therefore need to be made less applicable for certain tokens like WBTC and EURS.
Vulnerability Detail
Requiring the tokenAmount >= stopTime - startTime is suitable for USDC and WETH.
However, such requirements will be a bit too harsh for other popular tokens, eg, WBTC (decimals: 8) and EURS (decimals: 2). Therefore, make the system less applicable for those tokens.
For WBTC, it must be 0.31536 WBTC per year (worth about $5,400) to meet this requirement, and for EURS, it must be at least 315,360 EURS per year (worth about $315,000).
Impact
The system will be inapplicable for certain tokens with higher per wei value, eg, WBTC and EURS.
WATCHPUG
medium
The rather harsh requirement of
tokenAmount
makes it inapplicable for certain tokensSummary
The requirements for
tokenAmount >= stopTime - startTime
will not be suitable for all tokens and therefore need to be made less applicable for certain tokens like WBTC and EURS.Vulnerability Detail
Requiring the
tokenAmount >= stopTime - startTime
is suitable for USDC and WETH.However, such requirements will be a bit too harsh for other popular tokens, eg, WBTC (
decimals: 8
) and EURS (decimals: 2
). Therefore, make the system less applicable for those tokens.For WBTC, it must be
0.31536 WBTC
per year (worth about $5,400) to meet this requirement, and for EURS, it must be at least315,360 EURS
per year (worth about $315,000).Impact
The system will be inapplicable for certain tokens with higher per wei value, eg, WBTC and EURS.
Code Snippet
https://github.com/sherlock-audit/2022-11-nounsdao/blob/main/src/StreamFactory.sol#L200
Tool used
Manual Review
Recommendation
Consider changing to
tokenAmount * RATE_DECIMALS_MULTIPLIER >= stopTime - startTime
.