Fjord Token Staking

Fjord

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Users cannot claim rewards after three epochs as intended

0xlight

Summary

The comment on line 672 in FjordStaking.sol as well as the diagrams provided by the Fjord team suggest the user should be able to complete their claim request three epochs after the request is created. However, the contract logic currently allows to complete the request only after a minimum of four epochs.

Vulnerability Details

When completing a claim request, the contract checks whether at least four epochs have elapsed since the request was made. The intended behavior, however, is to be able to complete the request after three epochs.

For instance, if a user requests to claim rewards in epoch 3, they should be able to complete the claim in epoch 6 or later. Currently, the staking contract reverts the request completion if the difference between the current epoch and the epoch when the request was made is less than or equal to claimCycle (3 epochs or 21 days).

if (currentEpoch - cr.requestEpoch <= claimCycle) revert CompleteRequestTooEarly();

if (6 - 3 <= claimCycle) revert CompleteRequestTooEarly();

This issue also occurs in the following locations:

Proof of Concept

See the following PoC which demonstrates the above mentioned scenario

// stake.t.sol

function test_CantCompleteRequestAfterThreeEpochs() public {

// alice stakes some FJO

vm.prank(alice);

fjordStaking.stake(2 ether);

// admin adds rewards and skips 1 epochs

_addRewardAndEpochRollover(5 ether, 2);

// start claim request

vm.prank(alice);

fjordStaking.claimReward(false);

// skip 3 weeks + some offset

skip(22 days);

// alice should now be allowed to claim but isn't

vm.prank(alice);

vm.expectRevert(FjordStaking.CompleteRequestTooEarly.selector);

fjordStaking.completeClaimRequest();

}

Impact

Users are required to wait four weeks before they can complete a claim request, instead of the intended three weeks.

Tools Used

Manual Review, Foundry

Recommendations

Check if the difference between epochs is less than lockCycle / claimCycle in all above mentioned instances of this issue.

- if (currentEpoch - cr.requestEpoch <= claimCycle) revert CompleteRequestTooEarly();

+ if (currentEpoch - cr.requestEpoch < claimCycle) revert CompleteRequestTooEarly();

Updates

Lead Judging Commences

inallhonesty Lead Judge

about 1 year ago

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

662

30 USDC / LOC

High Medium

16,000 USDC

Low

2,500 USDC

Judges

1,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.