Fjord Token Staking

Fjord

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Incorrect conditional check for unsigned integers

hendobox

Summary

This issue has to do with a conditional that checks if a value less than or equal to zero. However, the use of <= 0 is incorrect for unsigned integers, such as uint128, which cannot represent negative values.

Vulnerability Details

The conditional check if (depositedAmount - (withdrawnAmount + refundedAmount) <= 0) is logically flawed because uint128 variables in Solidity are always non-negative.

FjordStaking.sol#L412

The current logic incorrectly implies that a negative value could exist, which is impossible with uint128. This could lead to unnecessary reverts and potentially disrupt contract operations that rely on precise balance checks.

Impact

The use of <= 0 instead of == 0 introduces a logical error that can cause unnecessary transaction reverts, leading to disruptions in the expected functionality.

Tools Used

Manual review

Recommendations

Use == 0 instead of <= 0

- if (depositedAmount - (withdrawnAmount + refundedAmount) <= 0) revert InvalidAmount();

+ if (depositedAmount - (withdrawnAmount + refundedAmount) == 0) revert InvalidAmount();

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Lack of quality

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

662

30 USDC / LOC

High Medium

16,000 USDC

Low

2,500 USDC

Judges

1,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.