DeFiFoundry
20,000 USDC
Submission Details
Severity: medium
Invalid

Truncation vulnerability in getEpoch function due to unsafe casting

## Summary

The getEpoch function is vulnerable to truncation when casting a uint256 value to uint16 if the number exceeds 6,535, since uint16 can only store values between 0 and 6,535.

## Vulnerability Details

The function that is affected is getEpoch, here is the line of code:

```solidity
    return uint16((_timestamp - startTime) / epochDuration) + 1;
}
```

  • The function calculates the number of epochs by dividing the difference between _timestamp and startTime by epochDuration.

  • This calculation results in a uint256 value. However, the function then casts this value to uint16.

  • Since uint16 can only store values between 0 and 6,535, any value larger than 6,535 will be truncated, meaning only the lower 16 bits are kept, and the higher bits are discarded.

  • This can lead to the function returning an incorrect epoch number, especially as time progresses and more epochs pass.

Here is the relevant GitHub link:

https://github.com/Cyfrin/2024-08-fjord/blob/0312fa9dca29fa7ed9fc432fdcd05545b736575d/src/FjordStaking.sol#L330

## Impact

This truncation can result in incorrect epoch numbers and can cause significant issues in any part of the contract that relies on accurate epoch calculations.

## Tools Used

Manual

## Recommendations

Use a higher value or, if returning a uint16 is absolutely necessary, consider implementing a check before the cast to ensure the value does not exceed 6,535. If it does, the function should revert or handle the case appropriately to prevent incorrect values from being returned.
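
The check-before-cast pattern recommended above, written out as an added example (not code from the submission or from the Fjord repository). The contract name, the `EpochOverflow` error, the constructor parameters and the pragma are assumptions; the bound is taken from `type(uint16).max` instead of a hand-written literal.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4; // assumed version; custom errors need 0.8.4 or later

/// Illustration only. EpochCastExample and EpochOverflow are hypothetical
/// names; startTime and epochDuration mirror the identifiers in the quoted line.
contract EpochCastExample {
    uint256 public immutable startTime;
    uint256 public immutable epochDuration;

    /// Raised when the epoch index would not fit in the uint16 return type.
    error EpochOverflow(uint256 epochIndex);

    constructor(uint256 _startTime, uint256 _epochDuration) {
        require(_epochDuration != 0, "epochDuration is zero");
        startTime = _startTime;
        epochDuration = _epochDuration;
    }

    /// Same expression as the line quoted in the submission.
    /// In Solidity 0.8 an explicit narrowing cast keeps the low 16 bits
    /// without reverting; only the subtraction and the `+ 1` are
    /// overflow-checked.
    function getEpochUnchecked(uint256 _timestamp) public view returns (uint16) {
        return uint16((_timestamp - startTime) / epochDuration) + 1;
    }

    /// Variant with an explicit range check before the cast.
    /// Reverts instead of returning a wrapped epoch number.
    function getEpochChecked(uint256 _timestamp) public view returns (uint16) {
        // Reverts on underflow if _timestamp is earlier than startTime.
        uint256 index = (_timestamp - startTime) / epochDuration;

        // `>=` leaves room for the `+ 1` below, so the result
        // never exceeds type(uint16).max.
        if (index >= type(uint16).max) revert EpochOverflow(index);

        return uint16(index) + 1;
    }
}
```

Whether the check can ever fire depends on `epochDuration`: the number of epochs before the bound is reached is fixed by the type, so the time horizon scales directly with the epoch length.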

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
