The "Lack of Slippage Protection in the Stake Function of the FjordStaking Contract" vulnerability indicates the absence of a mechanism to handle slippage during token transfers within the stake function.
This function is responsible for transferring FJORD tokens from the user's address to the contract for staking. However, it does not account for potential slippage, which can occur if the actual number of tokens transferred is less than intended due to transaction fees or other factors. This oversight can lead to discrepancies in the contract's accounting, as the newStaked and DepositReceipt values may not accurately reflect the tokens received.
If slippage occurs and fewer tokens are transferred than intended, the contract's internal records (e.g., newStaked and DepositReceipt) will not match the actual tokens received. This discrepancy can lead to inaccurate calculations for the user's stake, potentially affecting future rewards, interest, or dividends that the user is entitled to receive.
Potential Loss of Funds: Users may inadvertently lose tokens due to slippage without realizing it.
Manual review
It is recommended that the function verify the actual amount of tokens transferred and adjust the internal accounting accordingly.
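One way to apply this recommendation, as an added example that is not code from FjordStaking or from the original report: the stake function measures its own balance before and after the transfer and credits only the difference. The contract name, storage layout, errors, event and the minReceived parameter are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed by this sketch.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical staking contract; none of these names come from FjordStaking.
contract BalanceCheckedStaking {
    IERC20 public immutable token;
    uint256 public totalStaked;
    mapping(address => uint256) public stakedOf;

    error ZeroAmount();
    error TransferFailed();
    error ShortTransfer(uint256 requested, uint256 received);

    event Staked(address indexed user, uint256 requested, uint256 received);

    constructor(IERC20 _token) {
        token = _token;
    }

    // minReceived (assumed parameter) is the caller's lower bound on the credited amount.
    function stake(uint256 amount, uint256 minReceived) external {
        if (amount == 0) revert ZeroAmount();

        // Measure what actually arrives instead of trusting `amount`.
        uint256 balanceBefore = token.balanceOf(address(this));
        if (!token.transferFrom(msg.sender, address(this), amount)) revert TransferFailed();
        uint256 received = token.balanceOf(address(this)) - balanceBefore;

        // Reject a transfer that delivered nothing or less than the caller accepts.
        if (received == 0 || received < minReceived) revert ShortTransfer(amount, received);

        // Account for the received amount only, so records match the token balance.
        // A token with transfer hooks would also need a reentrancy guard here.
        stakedOf[msg.sender] += received;
        totalStaked += received;
        emit Staked(msg.sender, amount, received);
    }
}
```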