DeFiFoundry
20,000 USDC
Submission Details
Severity: medium
Invalid

FjordPoints Burning Discrepancy in FjordAuction Contract

Summary

The FjordAuction contract's auctionEnd() function burns the contract's entire FjordPoints balance without checking that this balance equals totalBids. Whenever the two differ, more or fewer points are burned than the auction accounted for, which can skew the economic model of the auction system.

Vulnerability Details

In the auctionEnd() function, the contract burns FjordPoints as follows:

function auctionEnd() external {
    // ... (other checks and logic)
    // Burn the FjordPoints held by the contract
    uint256 pointsToBurn = fjordPoints.balanceOf(address(this));
    fjordPoints.burn(pointsToBurn);
}

The function burns every FjordPoint the contract holds, regardless of totalBids; nothing checks that pointsToBurn equals totalBids. The contract's balance can drift from totalBids in either direction: extra points can arrive through direct transfers that are not bids, and points could be missing if they left the contract through some other path.

Impact

  1. If the contract has received additional FjordPoints through means other than bidding (e.g., direct transfers), it burns more than the total bids, potentially disrupting the token's economics.

  2. If the contract holds fewer FjordPoints than totalBids (e.g., due to a bug or an unauthorized withdrawal), it burns less than expected, leaving part of the bid total unaccounted for.

  3. The discrepancy between the burned amount and totalBids makes the auction's reported results inaccurate.

Tools Used

Manual review

Recommendations

1: Add a check to ensure the amount of FjordPoints to be burned matches totalBids:

function auctionEnd() external {
    // ... (other checks and logic)
    uint256 pointsToBurn = fjordPoints.balanceOf(address(this));
    require(pointsToBurn == totalBids, "Burn amount mismatch with total bids");
    fjordPoints.burn(pointsToBurn);
}

Note that because anyone can transfer FjordPoints to the contract, a strict equality check lets any account make auctionEnd() revert by sending the contract a single extra point. This option should therefore only be used together with a way to sweep surplus points before burning.

2: Implement a mechanism to handle a mismatch, burning exactly totalBids and routing any surplus elsewhere:

// Assumes an event declared at contract level:
// event InsufficientFundsForBurning(uint256 totalBids, uint256 available);
function auctionEnd() external {
    // ... (other checks and logic)
    uint256 pointsToBurn = fjordPoints.balanceOf(address(this));
    if (pointsToBurn > totalBids) {
        // Surplus from direct transfers: hand it to the owner instead of burning it
        uint256 excess = pointsToBurn - totalBids;
        fjordPoints.transfer(owner, excess); // Transfer excess to a designated address
        fjordPoints.burn(totalBids);
    } else if (pointsToBurn < totalBids) {
        // Shortfall: burn what is available and record the discrepancy on-chain
        emit InsufficientFundsForBurning(totalBids, pointsToBurn);
        fjordPoints.burn(pointsToBurn);
    } else {
        fjordPoints.burn(totalBids);
    }
}

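The following is an added, self-contained example (not Fjord's code and not part of this submission) showing the second recommendation end to end: a minimal burnable token standing in for FjordPoints, a hypothetical auction whose auctionEnd() burns exactly totalBids and sweeps any surplus to the owner, and a Demo contract that bids 600 points, sends 1 point directly to the auction, and then settles. MockPoints, AuctionEndDemo, Demo and the event names are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal burnable token standing in for FjordPoints (constructed for this example).
contract MockPoints {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    uint256 public totalSupply;

    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
        totalSupply += amount;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        balanceOf[msg.sender] -= amount; // checked math reverts on insufficient balance
        balanceOf[to] += amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }

    function burn(uint256 amount) external {
        balanceOf[msg.sender] -= amount;
        totalSupply -= amount;
    }
}

// Hypothetical auction: burns exactly totalBids at the end and sweeps any surplus.
contract AuctionEndDemo {
    MockPoints public immutable fjordPoints;
    address public immutable owner;
    uint256 public totalBids;
    bool public ended;

    event AuctionEnded(uint256 totalBids, uint256 pointsBurned);
    event ExcessPointsSwept(uint256 amount);
    event PointsShortfall(uint256 expected, uint256 available);

    constructor(MockPoints points_) {
        fjordPoints = points_;
        owner = msg.sender;
    }

    // Bidding is the only path that grows totalBids; points arriving any other way are surplus.
    function bid(uint256 amount) external {
        require(!ended, "auction ended");
        fjordPoints.transferFrom(msg.sender, address(this), amount);
        totalBids += amount;
    }

    function auctionEnd() external {
        require(!ended, "already ended");
        ended = true;

        uint256 balance = fjordPoints.balanceOf(address(this));
        // Burn what was bid, not whatever the balance happens to be. A strict
        // `balance == totalBids` check would let anyone block settlement by
        // sending one wei of points to the contract, so surplus is swept instead.
        uint256 toBurn = balance < totalBids ? balance : totalBids;
        if (toBurn < totalBids) {
            emit PointsShortfall(totalBids, balance); // burn what exists, record the gap
        }
        fjordPoints.burn(toBurn);
        emit AuctionEnded(totalBids, toBurn);

        uint256 excess = balance - toBurn;
        if (excess > 0) {
            fjordPoints.transfer(owner, excess);
            emit ExcessPointsSwept(excess);
        }
    }
}

// Exercises the direct-transfer case: 600 points bid, 1 point sent directly, then auctionEnd().
contract Demo {
    function run() external returns (uint256 supplyAfter, uint256 ownerBalance, uint256 auctionBalance) {
        MockPoints points = new MockPoints();
        AuctionEndDemo auction = new AuctionEndDemo(points); // owner is this contract
        points.mint(address(this), 1000e18);

        points.approve(address(auction), 600e18);
        auction.bid(600e18);
        points.transfer(address(auction), 1e18); // direct transfer, not a bid

        auction.auctionEnd();
        return (points.totalSupply(), points.balanceOf(address(this)), points.balanceOf(address(auction)));
    }
}
```

Deploy Demo and call run() (for instance in Remix or via a Foundry script): the total supply drops by exactly totalBids, the directly transferred point is returned to the owner rather than burned, and the auction ends with a zero balance. The sweep-instead-of-revert choice is deliberate: reverting on a mismatch would turn any unsolicited transfer into a denial of service on settlement.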
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
