Mysterious Onyx Butterfly
Medium
The lack of validation for ethPerTick in the createStream function allows the creation of ineffective streams when msg.value is too small relative to streamLengthInTicks. This happens because the division msg.value / streamLengthInTicks can result in ethPerTick = 0, rendering the stream non-functional. As a result, users may unknowingly waste gas and ETH, with the remaining funds being directly sent to the DAO treasury instead of being distributed through the stream. Adding a validation check to ensure ethPerTick > 0 would prevent this issue and maintain the intended functionality of the streaming mechanism.
In the createStream function
uint128 ethPerTick = toUint128(msg.value / streamLengthInTicks); There is no explicit check to ensure that ethPerTick is greater than zero. If msg.value is very small relative to streamLengthInTicks, the division can result in ethPerTick = 0.
msg.value is less than streamLengthInTicks, causing msg.value / streamLengthInTicks to truncate to zero.
A low msg.value is sent with the transaction, making it insufficient to divide across the streamLengthInTicks.
A user or a trusted caller sends a very small msg.value and a large streamLengthInTicks to the createStream function. The division results in ethPerTick = 0, making the stream ineffective. The remaining msg.value % streamLengthInTicks is sent to the DAO treasury, bypassing the stream mechanism.
Non-functional Stream: The stream created is ineffective (ethPerTick = 0), defeating its purpose. Gas and ETH Wasted: Users may unknowingly waste gas and ETH while achieving no meaningful result.
No response
No response