Fjord Token Staking
Fjord
DeFiFoundry
20,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Inconsistent Stream Status Check in `_unstakeVested` Function

daniel526

Summary

See Bellow

Vulnerability Details

In the FjordStaking contract, the _unstakeVested function lacks a crucial check for the stream status that is present in the stakeVested function. Specifically, the stakeVested function includes a validation to ensure that the stream is warm before proceeding:

if (sablier.isCold(_streamID)) revert NotAWarmStream();

This check ensures that only active (warm) streams are processed during staking. However, the _unstakeVested function does not implement a similar check:

function _unstakeVested(
address user,
uint256 streamID,
uint256 amount
) internal {
// ... existing code
// Missing check for stream status
// Check if the stream is still warm
}

Impact

The absence of this check in the _unstakeVested function could lead to issues where users attempt to unstake from a cold (inactive) stream. This could result in unintended behavior or incorrect state updates in the contract, potentially affecting user funds or the contract’s overall integrity.

Tools Used

Manual

Recommendations

Add a check in the _unstakeVested function to ensure that the stream is warm before allowing the unstaking operation.

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

daniel526 Submitter
about 1 year ago
inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.