Fjord Token Staking
Fjord
DeFiFoundry
20,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Inaccurate Reward Calculation for Users Staking Differing Amounts Across Epochs

sohrabhind

Summary

If a user initially stakes a small amount of tokens in an earlier epoch and later stakes a significantly larger amount in a subsequent epoch, the current reward calculation logic lead to an inaccurate distribution of rewards. This occurs because the reward calculation is based on the difference between reward per token values across epochs, without considering the varying amounts staked by the user in different epochs.

Vulnerability Details

  1. Disproportionate Reward Distribution:

    • The calculateReward function calculates rewards based on the difference in rewardPerToken values between epochs, multiplied by the total amount staked.

    • If a user stakes a small amount in an early epoch and then stakes a much larger amount in a later epoch, the function may incorrectly calculate rewards because it doesn't differentiate between the amounts staked across different epochs.

function calculateReward(uint256 _amount, uint16 _fromEpoch, uint16 _toEpoch) internal view returns (uint256 rewardAmount)
{
rewardAmount = (_amount * (rewardPerToken[_toEpoch] - rewardPerToken[_fromEpoch])) / PRECISION_18;
}

Impact

High

Tools Used

Manual Code Review

Recommendations

Calculate rewards separately for each epoch based on the actual amount staked during that epoch, rather than using a cumulative approach.

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Too generic

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.