Recipient is not guaranteed to receive all the tokenAmount()
Summary
The Recipient is not guaranteed to receive all the tokenAmount()
Vulnerability Detail
If cancel() invoked by PAYER before the stopTime() reaches out, the Recipient will lose the remaining amount
because this line
remainingBalance = 0;
Impact
The PAYER can cancel the stream at any time (and the Recipient will lose the rest)
The PAYER can invoke cancel() in case blockTime < startTime()
Code Snippet
function cancel() external onlyPayerOrRecipient {
address payer_ = payer();
address recipient_ = recipient();
IERC20 token_ = token();
uint256 recipientBalance = balanceOf(recipient_);
// This zeroing is important because without it, it's possible for recipient to obtain additional funds
// from this contract if anyone (e.g. payer) sends it tokens after cancellation.
// Thanks to this state update, `balanceOf(recipient_)` will only return zero in future calls.
remainingBalance = 0;
if (recipientBalance > 0) token_.safeTransfer(recipient_, recipientBalance);
// Using the stream's token balance rather than any other calculated field because it gracefully
// supports cancelling the stream even if payer hasn't fully funded it.
uint256 payerBalance = tokenBalance();
if (payerBalance > 0) {
token_.safeTransfer(payer_, payerBalance);
}
emit StreamCancelled(msg.sender, payer_, recipient_, payerBalance, recipientBalance);
}
Ch_301
unlabeled
Recipient
is not guaranteed to receive all thetokenAmount()
Summary
The Recipient is not guaranteed to receive all the
tokenAmount()
Vulnerability Detail
If
cancel()
invoked by PAYER before thestopTime()
reaches out, the Recipient will lose the remaining amount because this lineImpact
cancel()
in caseblockTime < startTime()
Code Snippet
https://github.com/sherlock-audit/2022-11-nounsdao/blob/main/src/Stream.sol#L237-L259
Tool used
Manual Review
Recommendation
The PAYER should not be able to cancel the stream may be just stopping it for some time