The unstakeAll function in the FjordStaking contract is vulnerable to a Denial of Service (DoS) attack. A malicious user can create numerous small deposits over time, causing the unstakeAll function to iterate over a large number of deposits. This can lead to the function consuming more gas than the block gas limit, making it impossible to execute.
The unstakeAll function iterates over all active deposits of a user:
A malicious user could exploit this by:
Making numerous small deposits over a long period.
When attempting to unstake, the loop in unstakeAll would try to process all these deposits, potentially exceeding the block gas limit.
Proof of Concept:
Attacker makes 1000 deposits of 0.001 ether each over 1000 epochs.
Attacker calls unstakeAll.
The function attempts to process all 1000 deposits, exceeding the block gas limit.
The transaction fails, and the attacker's funds (and potentially other users' funds) are locked.
Users who have made multiple small deposits over time may be unable to unstake all their tokens at once. This could effectively lock their funds in the contract, as the unstakeAll function would always fail due to exceeding the gas limit. This severely impacts the usability of the contract and could lead to significant financial losses for users.
Manual Review
Implement a batched withdrawal system that allows users to unstake a specified number of deposits at a time.
Add a maximum limit to the number of deposits that can be processed in a single unstakeAll call.
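A sketch of the two recommendations combined, as an added example that is not FjordStaking's code: a hypothetical minimal vault whose `unstakeBatch` processes a caller-chosen number of deposits, capped at `MAX_BATCH`, so gas per call stays bounded however many deposits exist. The contract name, the use of native ETH, the cap of 50, and the omission of lock periods and reward accounting are assumptions made to keep it self-contained.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

// Added illustration only: a hypothetical minimal vault, not FjordStaking's code.
// Native ETH, the names and the cap value are assumptions for self-containment.
contract BatchedUnstakeExample {
    // Hard upper bound on loop iterations in a single call (assumed value).
    uint256 public constant MAX_BATCH = 50;

    // user => amount of each still-active deposit
    mapping(address => uint256[]) private _deposits;

    event Unstaked(address indexed user, uint256 processed, uint256 remaining, uint256 amount);

    function stake() external payable {
        require(msg.value > 0, "zero amount");
        _deposits[msg.sender].push(msg.value);
    }

    function activeDeposits(address user) external view returns (uint256) {
        return _deposits[user].length;
    }

    /// Unstakes at most `maxDeposits` deposits (newest first), never more than
    /// MAX_BATCH. The caller repeats the call until `remaining` reaches zero.
    function unstakeBatch(uint256 maxDeposits) external returns (uint256 remaining) {
        uint256[] storage list = _deposits[msg.sender];
        uint256 n = list.length;
        require(n > 0, "no active deposits");
        require(maxDeposits > 0, "empty batch");

        // Clamp the request so the loop bound never depends on deposit count alone.
        if (maxDeposits > MAX_BATCH) maxDeposits = MAX_BATCH;
        if (maxDeposits > n) maxDeposits = n;

        uint256 total;
        for (uint256 i = 0; i < maxDeposits; ++i) {
            total += list[list.length - 1];
            list.pop(); // O(1) removal from the end, no array shifting
        }
        remaining = list.length;
        emit Unstaked(msg.sender, maxDeposits, remaining, total);

        // All state changes are done before the external call (checks-effects-interactions).
        (bool ok, ) = msg.sender.call{value: total}("");
        require(ok, "transfer failed");
    }
}
```

With 1000 active deposits, as in the scenario above, a user would drain the position in 20 calls of 50 deposits each instead of one unbounded loop.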