Fjord Token Staking
Fjord
DeFiFoundry
20,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Users may not be able to claim rewards earlier

drynooo

Summary

When the user calls claimReward and _isClaimEarly==false, if the user wants to withdraw the reward earlier and accept the penalty. He cannot call the claimReward function again.

Vulnerability Details

background:

  1. If the claimReward function has been called and it has not reached 3 weeks, it cannot be called again.

  2. Users can determine whether to accept the penalty and skip the three-week waiting period through the parameters of the claimReward function.

So if the user has already called the claimReward function once and chosen to wait 3 weeks, he cannot change his decision. He cannot withdraw the reward early.

function claimReward(bool _isClaimEarly)
external
checkEpochRollover
redeemPendingRewards
returns (uint256 rewardAmount, uint256 penaltyAmount)
{
//CHECK
UserData storage ud = userData[msg.sender];
// do not allow to claimReward while user have pending claimReceipt
// or user have claimed from the last epoch
if (
claimReceipts[msg.sender].requestEpoch > 0
|| claimReceipts[msg.sender].requestEpoch >= currentEpoch - 1
) revert ClaimTooEarly();

Impact

Users cannot use the claimReward function to withdraw rewards in advance, which is a design flaw. So I think the influence is Med. The possibility that the user wants to call this is Med/Low. So I think the ultimate risk is Med/Low.

Tools Used

manual

Recommendations

It is recommended to modify the judgment logic of claimReward function and increase the priority of _isClaimEarly.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.