Fjord Token Staking

Fjord

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

fjordStaking::unstakeAll vulnerable to DoS due to Out of Gas Errors

0xw3

Summary

fjordStaking::unstakeAll vulnerable to DoS due to Out of Gas Errors because of unbouded array loop

Vulnerability Details

The vulnerability is present in fjordStaking's unstakeAll method because it has an unbounded loop:

function unstakeAll()

external

checkEpochRollover

redeemPendingRewards

returns (uint256 totalStakedAmount)

{

uint256[] memory activeDeposits = getActiveDeposits(msg.sender);

//... snippet

@> for (uint16 i = 0; i < activeDeposits.length; i++) {

All attempts to unstakeAll will fail for a user who has a lot of activeDeposits (more than 6454) because of gas exhaustion

The following proof of concept shows that all attempts to unstakeAll will fail for a user with a lot of deposits
Add this test case in test/integration/AAAstakeUnstake.t.sol

function testStakeNTimes_Unstake1_UnstakeAllDoS() public {

(uint256 currentTimestamp, uint16 currentEpoch) = (vm.getBlockTimestamp(), 1);

for (uint256 i = 0; i < 6455; i++) {

fjordStaking.stake(1 ether);

currentTimestamp += 1 weeks;

vm.warp(currentTimestamp);

vm.prank(minter);

fjordStaking.addReward(1 ether);

currentEpoch += 1;

}

(uint256 total) = fjordStaking.unstake(1, 1 ether);

assertEq(total, 1 ether);

(uint256 totalStakedAmount) = fjordStaking.unstakeAll();

}

Execute test file with

forge test --mt testStakeNTimes_Unstake1_UnstakeAllDoS

Observe tx will fail and user is unable to unstakeAll his deposits

Impact

Unability to withdraw all staked positions in some scenarios

Tools Used

Manual Review

Recommendations

Implement a new method in fjordStaking that receives a uint parameter that specifies how many deposits to unstake.
This will allow users to unstake and arbitrary amounts of deposits and gas saving instead of unstake positions one by one using unstake method

Updates

Lead Judging Commences

inallhonesty Lead Judge

about 1 year ago

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

662

30 USDC / LOC

High Medium

16,000 USDC

Low

2,500 USDC

Judges

1,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.