A user can stake multiple times within the same 7-day epoch, which opens the door for exploitation. A malicious user could stake a minimal amount, such as 1 token, at the start of the epoch and then strategically add 99 more tokens on the last day. By doing so, they can disproportionately earn rewards as if they had staked 100 tokens for the entire epoch, despite only having a large stake for a short period. This allows them to maximize rewards with minimal commitment and less time invested.
Assuming we are in Epoch 2:
If a user stakes 1 FJO at the start of Epoch 2, the _checkEpochRollover function calculates the rewards for the previous epoch. If the user then stakes additional FJO tokens on the 6th day of Epoch 2, the condition:
will not be triggered because Epoch 2 has not yet ended. As a result, when the next epoch begins, _checkEpochRollover will calculate the rewards for all tokens staked during Epoch 2 regardless of whether they were staked on the first day or the last day.
The vulnerability allows users to manipulate reward calculations by staking tokens at different times within the same epoch. Specifically, users can stake a minimal amount of tokens early in an epoch and then stake additional tokens later in the same epoch to receive a disproportionately high amount of rewards.
Manual Review
Adjust the reward calculation mechanism to account for the specific staking date within an epoch. This can be achieved by implementing a proportional reward system based on the duration for which tokens are staked within an epoch.
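The following is an added model (not the project's contract code) that contrasts the balance-only accounting described above with the proportional, duration-weighted accounting the recommendation calls for. It assumes a 7-day epoch, deposit times measured in seconds from the epoch start, and an integer epoch reward; the stakers and amounts are the constructed 1 + 99 versus 100 scenario from the finding.

```python
from dataclasses import dataclass, field

EPOCH_LENGTH = 7 * 24 * 60 * 60  # assumed 7-day epoch, in seconds


@dataclass
class Stake:
    amount: int
    timestamp: int  # seconds since the epoch started (constructed layout)


@dataclass
class Staker:
    stakes: list = field(default_factory=list)

    def balance(self) -> int:
        return sum(s.amount for s in self.stakes)

    def token_seconds(self, epoch_end: int) -> int:
        # Weight each deposit by how long it actually sat in the epoch.
        return sum(s.amount * (epoch_end - s.timestamp) for s in self.stakes)


def naive_shares(stakers, epoch_reward):
    # Vulnerable accounting: only the end-of-epoch balance matters, so a
    # last-day deposit earns the same as one held for the whole epoch.
    total = sum(s.balance() for s in stakers)
    return [epoch_reward * s.balance() // total for s in stakers]


def time_weighted_shares(stakers, epoch_reward, epoch_end=EPOCH_LENGTH):
    # Recommended accounting: rewards are split by token-seconds, so a
    # deposit made on day 6 only earns for the one day it was staked.
    total = sum(s.token_seconds(epoch_end) for s in stakers)
    return [epoch_reward * s.token_seconds(epoch_end) // total for s in stakers]


def scenario():
    day = 24 * 60 * 60
    late_staker = Staker([Stake(1, 0), Stake(99, 6 * day)])  # 1 at start, 99 on day 6
    full_staker = Staker([Stake(100, 0)])                     # 100 for the whole epoch
    reward = 1_000  # constructed epoch reward
    stakers = [late_staker, full_staker]
    return naive_shares(stakers, reward), time_weighted_shares(stakers, reward)


if __name__ == "__main__":
    naive, weighted = scenario()
    print("balance-only split:", naive)      # [500, 500]
    print("time-weighted split:", weighted)  # [131, 868]
```

With balance-only accounting both stakers receive an equal share, while the duration-weighted split pays the late staker 106/806 of the reward, matching the token-days actually committed.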