083.md

Striped Fiery Lark

Medium

streamLengthInTicks is set to the wrong value

Summary

Inside the provided docs it's well described how the ticks at which the stream should be distributed are 1460

b. streamLengthInTicks = 1460, i.e. roughly 4 years.

and

Noun owners may also fast-forward their stream if they wish to fund the DAO faster than the default stream setting of 4 years linearly.

However inside the actual upgrade code it's 1500 ticks. This might look like a minor change, however it should be noted that each tick is 24 hours, meaning the real spread is not over 4 years, but 4 years and 1.5 months.

https://github.com/sherlock-audit/2024-11-nounsdao/blob/main/nouns-monorepo/packages/nouns-contracts/script/StreamEscrow/ProposeUpgradeAHV3.s.sol#L42

        targets[1] = AUCTION_HOUSE_PROXY_SEPOLIA;
        signatures[1] = 'setStreamEscrowParams(address,uint16,uint16)';
        calldatas[1] = abi.encode(STREAM_ESCROW_SEPOLIA, 2000, 1500);

Root Cause

Wrong set up of contracts

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

The spread will be more than the one provided inside the docs, causing the funds to be distributed over a much longer period of time.

PoC

No response

Mitigation

Consider changing it to 1460 in order to match the docs and to distribute the funds over those 4 years, as 365 * 4 = 1460.