Fjord Token Staking

Fjord

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Unnecessary double check user's unclaimedRewards when claimReward

eason

Summary

When user claims reward from the claim receipt, the contract will check if the user has unclaimed reward. However, the contract will also check if the user has claimed reward before. This double check is unnecessary and can be removed to save gas.

Vulnerability Details

The vulnerability stems from the double check in the code. The line if (ud.unclaimedRewards == 0) revert NothingToClaim(); is meant to check if the user has unclaimed reward. However, this check is also performed in the line if (rewardAmount == 0) return (0, 0);. This double check is unnecessary and can be removed to save gas.

Impact

Waste of gas

Tools Used

Manual Review

Recommendations

Consider removing the unnecessary double check if (rewardAmount == 0) return (0, 0);.

function claimReward(

bool _isClaimEarly

)

external

checkEpochRollover

redeemPendingRewards

returns (uint256 rewardAmount, uint256 penaltyAmount)

{

//CHECK

UserData storage ud = userData[msg.sender];

// do not allow to claimReward while user have pending claimReceipt

// or user have claimed from the last epoch

if (

claimReceipts[msg.sender].requestEpoch > 0 ||

claimReceipts[msg.sender].requestEpoch >= currentEpoch - 1

) revert ClaimTooEarly();

if (ud.unclaimedRewards == 0) revert NothingToClaim();

//EFFECT

if (!_isClaimEarly) {

claimReceipts[msg.sender] = ClaimReceipt({

requestEpoch: currentEpoch,

amount: ud.unclaimedRewards

});

emit ClaimReceiptCreated(msg.sender, currentEpoch);

return (0, 0);

}

rewardAmount = ud.unclaimedRewards;

penaltyAmount = rewardAmount / 2;

rewardAmount -= penaltyAmount;

//@audit here is unnecessary double check

- if (rewardAmount == 0) return (0, 0);

totalRewards -= (rewardAmount + penaltyAmount);

userData[msg.sender].unclaimedRewards -= (rewardAmount + penaltyAmount);

//INTERACT

fjordToken.safeTransfer(msg.sender, rewardAmount);

emit EarlyRewardClaimed(msg.sender, rewardAmount, penaltyAmount);

}

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

662

30 USDC / LOC

High Medium

16,000 USDC

Low

2,500 USDC

Judges

1,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.