Fjord Token Staking

Summary

https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordStaking.sol

The stake function adds the current epoch to the _activeDeposits[msg.sender] set each time a user stakes. Over time, as users continue to stake in new epochs, this array will grow indefinitely, leading to performance and cost issues.

Vulnerability Details

Each staking transaction increases the size of _activeDeposits[msg.sender], which holds all epochs in which the user has staked. As the size of this array grows, the gas cost for interactions with this set will also increase, especially in functions that iterate through or modify _activeDeposits. Without a mechanism to limit or optimize this growth, gas costs can become prohibitive, leading to failed transactions.

Impact

Increased Gas Costs: As _activeDeposits grows larger, gas costs for interacting with the contract will increase, potentially making the contract too expensive to use.

Risk of Failed Transactions: The risk of transaction failures increases as gas consumption approaches or exceeds the block gas limit, particularly for users with long histories of staking across multiple epochs.

Decreased Usability: Users may become unable to interact with the contract due to excessive gas costs, limiting the contract’s scalability and long-term viability.

Tools Used

Manual Review

Recommendations

Limit Active Epochs: Implement a mechanism to limit the number of epochs stored in _activeDeposits. For example, older epochs could be periodically purged or consolidated.

Use More Efficient Data Structures: Explore alternative data structures that allow more efficient tracking of staking epochs, such as compressed arrays or mapping-based solutions that reduce the gas cost of storing large sets of data.

Periodic Cleanup: Introduce a function to periodically clean up or aggregate older epochs into a more concise format, reducing the overall size of _activeDeposits.