MohammadX2049 - Stuck Funds in StreamEscrow Due to Lack of Periodic forwardAll() Calls #180
Comments
sherlock-admin4
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
MohammadX2049
Medium
Stuck Funds in StreamEscrow Due to Lack of Periodic forwardAll() Calls
Summary
The forwardAll() function in the StreamEscrow contract does not adhere to its documented behavior, which states that it forwards all pending ETH streams if at least minimumTickDuration seconds have passed since the last forward. Instead, it only forwards ETH streams for the same day, not all pending streams. Also If this function is not called regularly each day, the accumulated ETH remains in the contract. The contract lacks an internal mechanism to automatically trigger this function, relying solely on external calls.
Root Cause
In the StreamEscrow contract, the forwardAll() function is documented to forward all pending ETH streams if at least minimumTickDuration seconds have passed since the last forward.
https://github.com/sherlock-audit/2024-11-nounsdao/blob/main/nouns-monorepo/packages/nouns-contracts/contracts/StreamEscrow.sol?plain=1#L132-L149
However, the implementation only forwards ETH streams for the same day, not all pending streams. This discrepancy arises from the line:
https://github.com/sherlock-audit/2024-11-nounsdao/blob/main/nouns-monorepo/packages/nouns-contracts/contracts/StreamEscrow.sol?plain=1#L144
If this function is not called regularly, the accumulated ETH remains in the contract. The contract lacks an internal mechanism to automatically trigger this function, relying solely on external calls.
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
No response
PoC
No response
Mitigation
No response
The text was updated successfully, but these errors were encountered: