Fjord Token Staking

Fjord

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Missing functionality in the FjordPoints

tpiliposian

Summary

The constructor of the FjordPoints contract is documented to initialize the contract, but it fails to set the staking address, which is essential for its operations.

Vulnerability Details

/**

* @dev Sets the staking contract address and initializes the ERC20 token.

constructor() ERC20("BjordBoint", "BJB") { //@audit not setting the staking contract

owner = msg.sender;

lastDistribution = block.timestamp;

pointsPerEpoch = 100 ether;

}

Proper initialization of the staking address is crucial as it affects functions like onStaked and onUnstaked.

Impact

The contract relies on the staking address to record staked and unstaked tokens. Without setting this address, the contract cannot properly interact with the staking mechanism, leading to potential failures in token management, until it is set manually by calling setStakingContract() function.

Tools Used

Manual review.

Recommendations

Modify the constructor to include initialization of the staking address.

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

662

30 USDC / LOC

High Medium

16,000 USDC

Low

2,500 USDC

Judges

1,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.