Incorrect Calculation of ethPerTick Fails to Account for Immediate Remainder sent to DAO Treasury

Summary

In createStream.sol the ethPerTick value is calculated based on the entire msg.value, without accounting for the remainder that is immediately sent to the DAO. This results in an inflated ethPerTick value, leading to inaccurate representation of the funds available for streaming over the duration of the stream.

https://github.com/sherlock-audit/2024-11-nounsdao/blob/main/nouns-monorepo/packages/nouns-contracts/contracts/StreamEscrow.sol#L112

Root Cause

No response

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

Misrepresentation of ethPerTick could cause inconsistencies in accounting or future calculations involving the stream.

PoC

Mitigation

Adjust the ethPerTick calculation to exclude the remainder which gets sent to DAO Treasury before determining the amount allocated per tick.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

006.md

006.md

Incorrect Calculation of ethPerTick Fails to Account for Immediate Remainder sent to DAO Treasury

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation

Files

006.md

Latest commit

History

006.md

File metadata and controls

Incorrect Calculation of ethPerTick Fails to Account for Immediate Remainder sent to DAO Treasury

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation