DeFiFoundry
20,000 USDC
Submission Details
Severity: medium
Invalid

unbid function allows zero amount withdrawals and a possible Denial of Service (DoS)

Summary

unbid function allows zero amount withdrawals and a possible Denial of Service (DoS).

Vulnerability Details

The unbid function accepts an amount of zero. Such a call passes every check and emits a BidWithdrawn event for a withdrawal that never happened, which can confuse or misrepresent user actions to anything that consumes those event logs.

    function unbid(uint256 amount) external {
        if (block.timestamp > auctionEndTime) {
            revert AuctionAlreadyEnded();
        }
        uint256 userBids = bids[msg.sender];
        if (userBids == 0) {
            revert NoBidsToWithdraw();
        }
        if (amount > userBids) {
            revert InvalidUnbidAmount();
        }
        bids[msg.sender] = bids[msg.sender].sub(amount);
        totalBids = totalBids.sub(amount);
        fjordPoints.transfer(msg.sender, amount);
        emit BidWithdrawn(msg.sender, amount);
    }

https://github.com/Cyfrin/2024-08-fjord/blob/0312fa9dca29fa7ed9fc432fdcd05545b736575d/src/FjordAuction.sol#L159C5-L176C6

The unbid function is designed to allow users to withdraw their bids from an auction. Currently, there is no check to prevent users from calling unbid with an amount of zero.

Here's a practical scenario:

Suppose a user calls bid() and holds a bid of, say, 200.

If the user then calls unbid(0), the function will:

  • Not revert or throw an error

  • Not modify the user's bid amount or the total bids

  • Not transfer any tokens

  • Still emit a BidWithdrawn event with an amount of zero

Here's a possible DoS:

A malicious user can repeatedly call the unbid function with an amount of 0.

  • Each call will go through all the checks and execute the function body.

  • While no state is changed (subtracting 0 doesn't alter balances), the function still:

    • Performs several read operations (checking auction end time, reading user's bid balance)

    • Executes a token transfer of 0 amount

    • Emits an event

An attacker could flood the network with these zero-amount unbid transactions, filling up blocks and crowding out other legitimate transactions. While each transaction costs the attacker gas, it also forces the network to process these useless transactions, consuming computational resources.

Impact

Misleading event logs. The contract will emit BidWithdrawn events for zero-amount withdrawals.

Temporary denial of service. While it might not completely halt the system, it could significantly degrade performance and user experience.

Tools Used

Manual review

Recommendations

Add a check to ensure the unbid amount is greater than zero.

    function unbid(uint256 amount) external {
        // ... (earlier checks)
        if (amount == 0) {
            revert InvalidUnbidAmount();
        }
        // ... (rest of the function)
    }
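
As an added check (not part of this submission or the Fjord codebase), a Foundry test against a constructed harness that reproduces only the unbid() logic quoted above, with the fjordPoints transfer stubbed out and a flag that toggles the recommended amount check; the harness's constructor, seedBid() helper and event declaration are assumptions, not FjordAuction's real API. It shows the submitted path emitting BidWithdrawn on unbid(0) without touching state, and the patched path reverting.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test, Vm} from "forge-std/Test.sol";

// Constructed stand-in: only the unbid() path quoted in the finding, with the
// fjordPoints transfer stubbed out and a flag that toggles the recommended check.
contract UnbidHarness {
    error AuctionAlreadyEnded(); error NoBidsToWithdraw(); error InvalidUnbidAmount();
    event BidWithdrawn(address bidder, uint256 amount); // indexed-ness of the real event is unknown
    uint256 public auctionEndTime = block.timestamp + 1 days;
    uint256 public totalBids;
    mapping(address => uint256) public bids;
    bool public immutable rejectZero; // false = code as submitted, true = with the fix
    constructor(bool _rejectZero) { rejectZero = _rejectZero; }
    // Test helper standing in for bid(); the real bid() is not reproduced.
    function seedBid(address u, uint256 amt) external { bids[u] += amt; totalBids += amt; }
    function unbid(uint256 amount) external {
        if (block.timestamp > auctionEndTime) revert AuctionAlreadyEnded();
        uint256 userBids = bids[msg.sender];
        if (userBids == 0) revert NoBidsToWithdraw();
        if (amount > userBids) revert InvalidUnbidAmount();
        if (rejectZero && amount == 0) revert InvalidUnbidAmount(); // recommended check
        bids[msg.sender] = userBids - amount; // 0.8 checked arithmetic instead of SafeMath.sub
        totalBids -= amount;
        emit BidWithdrawn(msg.sender, amount);
    }
}

contract ZeroUnbidTest is Test {
    address constant USER = address(0xBEEF);
    function test_submittedCodeEmitsZeroWithdrawal() public {
        UnbidHarness a = new UnbidHarness(false);
        a.seedBid(USER, 200);
        vm.recordLogs();
        vm.prank(USER);
        a.unbid(0); // passes every check, changes nothing, still emits
        Vm.Log[] memory logs = vm.getRecordedLogs();
        assertEq(logs.length, 1);
        assertEq(logs[0].topics[0], keccak256("BidWithdrawn(address,uint256)"));
        assertEq(a.bids(USER), 200); // state untouched despite the BidWithdrawn event
    }
    function test_fixedCodeRevertsOnZero() public {
        UnbidHarness a = new UnbidHarness(true);
        a.seedBid(USER, 200);
        vm.prank(USER);
        vm.expectRevert(UnbidHarness.InvalidUnbidAmount.selector);
        a.unbid(0);
    }
}
```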

Updates

Lead Judging Commences

inallhonesty, Lead Judge, about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

sabit, Submitter, about 1 year ago
inallhonesty, Lead Judge, about 1 year ago
