Handle

0x0x0x

Vulnerability details

Concept

On recoverTokens function in Stream. Excess amount of deposit token is calculated as follows:

uint256 excess = ERC20(token).balanceOf(address(this)) - (depositTokenAmount - redeemedDepositTokens);

This calculation does not include depositTokenFlashloanFeeAmount. Therefore they can be claimed by the streamCreator altough they are for factory reward. I consider this as a high risk, since profits of factory can get stolen and anyone create a stream.

Futhermore, those fees can be still claimed by the governance, which results at less than expected depositToken in contract. Therefore, user funds get lost.

Mitigation step

Add depositTokenFlashloanFeeAmount to the calculation.

The text was updated successfully, but these errors were encountered:

All reactions