DeFiFoundry
20,000 USDC
Submission Details
Severity: low
Invalid

Loss of funds for users making small bids

Summary

There's a potential for small bids to result in zero claimable tokens due to integer division. This can lead to a situation where:

  1. Users lose their bid amount (in FjordPoints)

  2. The corresponding auction tokens remain stuck in the contract

Vulnerability Details

    function auctionEnd() external {
        if (block.timestamp < auctionEndTime) {
            revert AuctionNotYetEnded();
        }
        if (ended) {
            revert AuctionEndAlreadyCalled();
        }
        ended = true;
        emit AuctionEnded(totalBids, totalTokens);
        if (totalBids == 0) {
            auctionToken.transfer(owner, totalTokens);
            return;
        }
        multiplier = totalTokens.mul(PRECISION_18).div(totalBids);
        // Burn the FjordPoints held by the contract
        uint256 pointsToBurn = fjordPoints.balanceOf(address(this));
        fjordPoints.burn(pointsToBurn);
    }

    /**
     * @notice Allows users to claim their tokens after the auction has ended.
     */
    function claimTokens() external {
        if (!ended) {
            revert AuctionNotYetEnded();
        }
        uint256 userBids = bids[msg.sender];
        if (userBids == 0) {
            revert NoTokensToClaim();
        }
        uint256 claimable = userBids.mul(multiplier).div(PRECISION_18);
        bids[msg.sender] = 0;
        auctionToken.transfer(msg.sender, claimable);
        emit TokensClaimed(msg.sender, claimable);
    }

The key parts of the contract involved in this issue are:

  1. Multiplier calculation in auctionEnd():

    multiplier = totalTokens.mul(PRECISION_18).div(totalBids);

  2. Token claiming in claimTokens():

    uint256 claimable = userBids.mul(multiplier).div(PRECISION_18);

Let's consider a scenario with the following parameters:

  • Total Auction Tokens: 1,000,000

  • Total Bids: 10,000 FjordPoints

  • PRECISION_18: 1e18 (1,000,000,000,000,000,000)

Step 1: Auction End

The multiplier is calculated as:

multiplier = (1,000,000 * 1e18) / 10,000 = 1e17

Step 2: User with Small Bid

Now, consider a user who bid only 1 FjordPoint. When they try to claim:

claimable = 1 * 1e17 / 1e18 = 0

Due to integer division, this rounds down to 0.

Impact

Users with very small bids lose their FjordPoints without receiving any auction tokens.

A portion of auction tokens remain permanently stuck in the contract.

Tools Used

Manual Review

Recommendations

Implement a minimum bid amount to prevent bids that would result in 0 claimable tokens.

Add a sweep function to allow the redistribution of unclaimed tokens after the auction ends.
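
As an added example (not part of the submission or of the contract's code), the Python model below reproduces the two integer divisions from auctionEnd() and claimTokens() and derives the smallest bid that still claims at least one token unit, plus the remainder nobody can claim. The totals and bidder names are constructed, amounts are raw token units, and the helper names are hypothetical.

```python
PRECISION_18 = 10**18  # scaling constant, same value as in the contract


def multiplier_for(total_tokens, total_bids):
    """auctionEnd(): totalTokens.mul(PRECISION_18).div(totalBids)."""
    if total_bids == 0:
        raise ValueError("totalBids == 0: auctionEnd() returns the tokens to the owner")
    return total_tokens * PRECISION_18 // total_bids


def claimable(user_bids, multiplier):
    """claimTokens(): userBids.mul(multiplier).div(PRECISION_18)."""
    return user_bids * multiplier // PRECISION_18


def min_nonzero_bid(multiplier):
    """Smallest bid with claimable >= 1, i.e. ceil(PRECISION_18 / multiplier)."""
    if multiplier == 0:
        return None  # every claim truncates to zero
    return -(-PRECISION_18 // multiplier)


def settle(total_tokens, bids):
    """Model every bidder claiming; report zero claims and the unclaimed remainder."""
    m = multiplier_for(total_tokens, sum(bids.values()))
    claims = {user: claimable(amount, m) for user, amount in bids.items()}
    return {
        "multiplier": m,
        "min_bid": min_nonzero_bid(m),
        "zero_claim": sorted(u for u, c in claims.items() if c == 0),
        "dust": total_tokens - sum(claims.values()),
    }


# Constructed sample: 1,000 raw token units auctioned against 10,000 points.
SAMPLE_BIDS = {"alice": 9_976, "bob": 14, "carol": 1, "dave": 9}

if __name__ == "__main__":
    print(settle(1_000, SAMPLE_BIDS))
```

A claim truncates to zero exactly when userBids * multiplier < PRECISION_18. The resulting min_bid depends on the final totalBids, which is not known at the time a bid is placed.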

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Low decimal tokens or super small bids can lead to 0 claims
