DeFiFoundry
20,000 USDC
Submission Details
Severity: medium
Invalid

FjordAuction.sol:claimTokens() should check that claimable > 0 and keep the leftover bids for users

Summary

FjordAuction.sol:claimTokens() should check that claimable > 0 and keep the leftover bids for users.

Vulnerability Details

In FjordAuction.sol:claimTokens(), claimable may be rounded down to 0. In this case, although users bid amountA, they will get nothing, so bids[msg.sender] should not be set to 0.

Similarly, token amounts such as 1.9 and 2.9 will be rounded down to 1 and 2, so users will suffer some loss.

Impact

Users will suffer some loss if their bids do not happen to correspond to a whole number of tokens.

Tools Used

Manual review

Recommendations

1. Only transfer tokens if claimable > 0.

2. Calculate the leftover bids and allow users to withdraw them.

    function claimTokens() external {
        if (!ended) {
            revert AuctionNotYetEnded();
        }
        uint256 userBids = bids[msg.sender];
        if (userBids == 0) {
            revert NoTokensToClaim();
        }
        uint256 claimable = userBids.mul(multiplier).div(PRECISION_18);
        if (claimable > 0) {
            uint256 left_bid = bids[msg.sender] - claimable.mul(totalBids).div(totalTokens);
            if (claimable.mul(totalBids) % totalTokens > 0 && left_bid > 0) {
                left_bid = left_bid - 1;
            }
            bids[msg.sender] = left_bid;
            auctionToken.transfer(msg.sender, claimable);
            emit TokensClaimed(msg.sender, claimable);
        }
    }

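An added example, not part of the submission or of the Fjord code base: a Python model of the integer arithmetic in claimTokens() and in the recommended change, run on a constructed three-bidder auction to show how much is rounded away and what would stay in bids. It assumes multiplier is computed once as totalTokens * PRECISION_18 / totalBids, which this page does not show; the function name settle and the sample values are hypothetical.

```python
from fractions import Fraction

PRECISION_18 = 10**18


def settle(total_tokens, bids):
    """Model claimTokens() integer math; all values are smallest token units."""
    total_bids = sum(bids.values())
    if total_bids == 0:
        raise ValueError("no bids: multiplier is undefined")
    # Assumption (not shown on the page): multiplier is set once at auction end.
    multiplier = total_tokens * PRECISION_18 // total_bids
    result = {}
    for user, bid in bids.items():
        # uint256 claimable = userBids.mul(multiplier).div(PRECISION_18);
        claimable = bid * multiplier // PRECISION_18
        exact = Fraction(bid * total_tokens, total_bids)  # unrounded share
        # The recommended code leaves bids[msg.sender] untouched when claimable == 0.
        left_bid = bid
        if claimable > 0:
            used = claimable * total_bids
            left_bid = bid - used // total_tokens
            if used % total_tokens > 0 and left_bid > 0:
                left_bid -= 1  # rounds the cost of the claimed tokens up
        result[user] = {
            "claimable": claimable,      # tokens actually transferred
            "dust": exact - claimable,   # fraction of a token unit rounded away
            "left_bid": left_bid,        # bid units kept under the recommendation
        }
    return result


if __name__ == "__main__":
    # Constructed auction: 3 token units for sale, 10 bid units in total.
    for user, row in settle(3, {"a": 1, "b": 4, "c": 5}).items():
        print(user, row["claimable"], row["dust"], row["left_bid"])
```

The sample amounts are single smallest units so that the truncation is visible.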
Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
