Summary: The contract may not correctly handle tokens that implement fees on transfer, leading to incorrect tracking of staked amounts.
Vulnerability Details: Some ERC-20 tokens deduct a fee when they are transferred, meaning the amount received by the contract could be less than the amount sent. The current contract logic appears to assume that the full amount sent is received, which could lead to incorrect accounting of user balances and potential loss of rewards for users.
Impact: Users who stake fee-on-transfer tokens may find that their staked amount is lower than expected, leading to reduced rewards or even loss of principal. This could also cause discrepancies in the contract’s overall balance.
Tools Used: Manual code review.
Recommendations: Implement a check after token transfers to confirm the exact amount received by the contract. Adjust the user’s staked balance accordingly to reflect any transfer fees.
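The recommendation above, sketched as an added example that is not code from the audited contract: `StakingSketch`, `stakeNaive`, `stake`, `staked` and `totalStaked` are hypothetical names, and the naive function is only an assumed shape of the flawed accounting described in this finding. The imports are OpenZeppelin's `IERC20` and `SafeERC20`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical staking contract written for illustration only.
contract StakingSketch {
    using SafeERC20 for IERC20;

    IERC20 public immutable stakingToken;
    mapping(address => uint256) public staked; // per-user credited stake
    uint256 public totalStaked;                // sum of all credited stake

    constructor(IERC20 token) {
        stakingToken = token;
    }

    // Assumed flawed pattern: credits the requested amount.
    // With a fee-on-transfer token the contract receives less than
    // `amount`, so `staked` and `totalStaked` exceed the real balance.
    function stakeNaive(uint256 amount) external {
        stakingToken.safeTransferFrom(msg.sender, address(this), amount);
        staked[msg.sender] += amount;
        totalStaked += amount;
    }

    // Corrected pattern: credit only what actually arrived, measured as
    // the change in the contract's own token balance across the transfer.
    function stake(uint256 amount) external {
        uint256 balanceBefore = stakingToken.balanceOf(address(this));
        stakingToken.safeTransferFrom(msg.sender, address(this), amount);
        uint256 received = stakingToken.balanceOf(address(this)) - balanceBefore;

        require(received > 0, "nothing received");
        staked[msg.sender] += received;
        totalStaked += received;
    }
}
```

Because the balance-delta measurement spans an external call, pair it with a reentrancy guard when the staking token may invoke callbacks during transfer.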