User can stake just before epoch changes and immediately claim reward at the next epoch.
Vulnerability Details
FjordStaking.sol - In the current implementation, the epoch is tracked using the variable currentEpoch
This approach does not guarantee that the user will stake for the full 7 days for each epoch.
PoC
The protocol is deployed and legitimate users begin staking immediately.
Attacker waits for the time before epoch finishes (say on the 7th day)
On the beginning of 8th day the
currentEpochis now 2The protocol regards that both the legitimate users and attacker have staked for an entire epoch which is FALSE.
Both the legitimate users and attacker claim their rewards.
Note: In the current implementation theud.unclaimedRewardsis not updated correctly thus claiming will revert withNothingToClaim()This is another separate finding.
Impact
Unfairness to early stakers.
Unfair advantage to stakers who monitor the
currentEpoch. to stake and claim reward after short time.
Tools Used
Manual review
Recommendations
Consider also tracking the time that user stakes so that the time spent staking is proportional to the rewards.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.