DeFiFoundry
20,000 USDC
Submission Details
Severity: low
Invalid

Possible integer truncation in `FjordAuction::claimTokens` could lead to loss of rewards

Summary

The claimTokens function in the FjordAuction.sol contract is susceptible to integer truncation when it calculates the claimable auction tokens. The result truncates to zero when the numerator (a user's bid multiplied by the calculated multiplier) is smaller than the denominator (the precision factor). As a result, users who place small bids may lose their rewards entirely.

Vulnerability Details

In the FjordAuction::claimTokens function, the amount of auction tokens a bidder can claim is determined by multiplying their bid (userBids) by the multiplier, and then dividing by a precision factor (PRECISION_18). The calculation is performed as follows:

uint256 claimable = userBids.mul(multiplier).div(PRECISION_18);

https://github.com/Cyfrin/2024-08-fjord/blob/0312fa9dca29fa7ed9fc432fdcd05545b736575d/src/FjordAuction.sol#L217

This formula is vulnerable to integer truncation because Solidity has no floating-point arithmetic and integer division discards any fractional part. If the product userBids * multiplier is less than PRECISION_18, the resulting claimable amount is truncated to zero. This is especially likely when:

  • The total tokens available for rewards (totalTokens) is small.

  • The total bids received (totalBids) is large.

  • Individual bids (userBids) are small.

In this scenario users can receive no tokens despite having placed valid bids. This breaks the intended logic of the auction, in which every bidder should be able to obtain a reward in proportion to the total bids.

Impact

Loss of auction tokens for bidders who place small bids.

Tools Used

Manual review.

Recommendations

  • Introduce a minimum bid amount that ensures the numerator in the claimTokens calculation is large enough to avoid truncation. This would ensure that all bids result in a non-zero claimable amount, protecting users from losing their rewards due to small bids.

  • Alternatively, clearly inform bidders that they could lose their points and their portion of the rewards if their bids are too small relative to totalBids.
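
The truncation and the minimum-bid threshold from the first recommendation, modelled with Python integers, whose floor division matches Solidity's for unsigned values. This is an added example, not code from the submission or the Fjord repository; the multiplier formula (totalTokens * PRECISION_18 / totalBids), the 6-decimal auction token and the bid amounts are assumptions constructed for illustration.

```python
PRECISION_18 = 10**18  # precision factor named in the finding


def multiplier_for(total_tokens: int, total_bids: int) -> int:
    """Assumed formula (not shown on the page): tokens per point, scaled by 1e18."""
    if total_bids == 0:
        raise ValueError("no bids: multiplier undefined")
    return total_tokens * PRECISION_18 // total_bids


def claimable(user_bids: int, multiplier: int) -> int:
    """Mirrors userBids.mul(multiplier).div(PRECISION_18) using floor division."""
    return user_bids * multiplier // PRECISION_18


def min_nonzero_bid(multiplier: int):
    """Smallest bid whose claim is > 0, i.e. ceil(PRECISION_18 / multiplier)."""
    if multiplier == 0:
        return None  # the multiplier itself truncated to zero: every claim is zero
    return -(-PRECISION_18 // multiplier)


def settle(total_tokens: int, bids: dict):
    """Return (claim per bidder, tokens left unclaimed because of rounding)."""
    m = multiplier_for(total_tokens, sum(bids.values()))
    claims = {who: claimable(amount, m) for who, amount in bids.items()}
    return claims, total_tokens - sum(claims.values())


# Constructed scenario: 100 units of a 6-decimal token, bids in 18-decimal points.
TOTAL_TOKENS = 100 * 10**6
BIDS = {
    "whale": 4_999_999 * 10**18,
    "mid": 10**18 - 10**10,
    "small": 10**10,  # a valid bid that truncates to a zero claim
}

if __name__ == "__main__":
    m = multiplier_for(TOTAL_TOKENS, sum(BIDS.values()))
    claims, unclaimed = settle(TOTAL_TOKENS, BIDS)
    print("multiplier:", m)
    print("claims:", claims, "unclaimed:", unclaimed)
    print("minimum bid for a non-zero claim:", min_nonzero_bid(m))
```

Because the threshold depends on the multiplier, which is only known once the total bids are final, a minimum bid enforced at bid time has to be sized against the largest total the auction is expected to reach.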

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Low decimal tokens or super small bids can lead to 0 claims
