DeFiFoundry
20,000 USDC
Submission Details
Severity: medium
Invalid

newStaked mismanagement in the stake function of the FjordStaking contract

Summary

https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordStaking.sol

The newStaked variable is incremented by the staking amount in the stake function, but there is no explicit handling to reset or manage it. If newStaked is used in reward distribution or other calculations, failing to reset it could lead to incorrect results.

Vulnerability Details

The contract updates the newStaked variable with every staking transaction, but it does not reset or manage it within the function. If newStaked is used for reward calculations or other critical accounting tasks, this mismanagement can lead to incorrect calculations, such as over-rewarding or under-rewarding users. The lack of proper state management for newStaked can introduce inconsistencies in staking and reward tracking.

Impact

Incorrect Reward Distribution: Users may receive incorrect rewards if the newStaked variable is not managed properly, leading to potential financial losses or unfair distributions.

Inconsistent Staking Data: Mismanagement of newStaked could result in inaccurate tracking of staking amounts, affecting various functions that rely on correct staking data, such as penalty calculations, withdrawal limitations, or governance voting weights.

Tools Used

Manual Review

Recommendations

Proper Reset Mechanism: Implement a reset mechanism for newStaked at the end of each relevant period, such as after rewards are distributed or when an epoch ends.

Thorough Testing: Test all contract functions that rely on newStaked to ensure that the variable is managed correctly throughout the contract’s lifecycle. This should include scenarios where users stake in multiple epochs to verify that newStaked behaves as expected.

Clear Documentation: Ensure the contract’s documentation clearly explains how newStaked is intended to be used and reset, so that future developers or auditors understand its role and constraints.

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
