DeFiFoundry
20,000 USDC
Submission Details
Severity: medium
Invalid

Wrong calculation of reward due to penaltyAmount

Summary

Wrong calculation of reward due to penaltyAmount

Vulnerability Details

The penaltyAmount levied on an early claimer is not transferred out of the contract, but totalRewards is reduced by penaltyAmount as well as rewardAmount.

The issue is that totalRewards is used to calculate pendingRewards, which subtracts totalRewards from the contract balance. We reduced totalRewards by penaltyAmount but did not transfer it out of the contract, so the contract balance is greater than totalRewards due to penaltyAmount, and this penaltyAmount will be considered as reward and distributed to stakers.

    function claimReward(bool _isClaimEarly)
        external
        checkEpochRollover
        redeemPendingRewards
        returns (uint256 rewardAmount, uint256 penaltyAmount)
    {
        //SKIP//
        rewardAmount = ud.unclaimedRewards;
        penaltyAmount = rewardAmount / 2;
        rewardAmount -= penaltyAmount;
        if (rewardAmount == 0) return (0, 0);
    ->  totalRewards -= (rewardAmount + penaltyAmount);
        userData[msg.sender].unclaimedRewards -= (rewardAmount + penaltyAmount);
        //INTERACT
    ->  fjordToken.safeTransfer(msg.sender, rewardAmount);
    }

_checkEpochRollover() calculates pendingRewards using totalRewards:

    ->  uint256 pendingRewards = (currentBalance + totalVestedStaked + newVestedStaked)
            - totalStaked - newStaked - totalRewards;
        uint256 pendingRewardsPerToken = (pendingRewards * PRECISION_18) / totalStaked;
        totalRewards += pendingRewards;

Impact

This is a loss to the protocol, as penaltyAmount is distributed to other stakers.

Tools Used

VS Code

Recommendations

Remove the penaltyAmount from the contract.
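
The bookkeeping described in this submission, as a simplified Python model added here (not the project's code): vested and new stakes are left out, rewards are split equally rather than per token, and the class, function and `remove_penalty` names are hypothetical. It shows the retained penalty reappearing as pendingRewards at the next rollover, next to the same run with the penalty taken out of the balance as the recommendation suggests.

```python
class StakingModel:
    """Constructed, simplified model of the bookkeeping in the excerpts above."""

    def __init__(self):
        self.balance = 0        # tokens held by the contract
        self.total_staked = 0
        self.total_rewards = 0  # rewards already accounted for
        self.unclaimed = {}     # user -> unclaimedRewards

    def stake(self, user, amount):
        self.balance += amount
        self.total_staked += amount
        self.unclaimed.setdefault(user, 0)

    def rollover(self):
        # pendingRewards = currentBalance - totalStaked - totalRewards
        # (vested and new stakes are zero in this model)
        pending = self.balance - self.total_staked - self.total_rewards
        self.total_rewards += pending
        # Assumption: equal stakes, so pending is split evenly (no per-token math).
        if pending and self.unclaimed:
            share = pending // len(self.unclaimed)
            for user in self.unclaimed:
                self.unclaimed[user] += share
        return pending

    def claim_early(self, user, remove_penalty=False):
        reward = self.unclaimed[user]
        penalty = reward // 2
        reward -= penalty
        if reward == 0:
            return 0, 0
        self.total_rewards -= reward + penalty
        self.unclaimed[user] -= reward + penalty
        self.balance -= reward           # safeTransfer(msg.sender, rewardAmount)
        if remove_penalty:               # hypothetical: the report's recommendation
            self.balance -= penalty
        return reward, penalty


def run_scenario(remove_penalty=False):
    m = StakingModel()
    m.stake("alice", 100)
    m.stake("bob", 100)
    m.balance += 40                      # constructed input: reward tokens arrive
    first = m.rollover()                 # 40 pending, 20 credited to each staker
    reward, penalty = m.claim_early("alice", remove_penalty)
    second = m.rollover()                # what the next epoch sees as new rewards
    return first, reward, penalty, second, m.unclaimed["bob"]
```

The tuple returned is (first rollover pending, reward paid, penalty, second rollover pending, bob's unclaimed rewards).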

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
