Fjord Token Staking

Fjord

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

In _redeem function unclaimedRewards calculations can lead to double counting of rewards

sohrabhind

Summary

The _redeem function in FjordStaking has a potential flaw where rewards may be incorrectly calculated and added twice for the same period if the unredeemedEpoch is set. This issue arises when rewards for the unredeemedEpoch are calculated both outside and within the conditional block, leading to possible double accumulation of rewards for the period from unredeemedEpoch to currentEpoch - 1.

Vulnerability Details

If unredeemedEpoch is set, the function first calculates rewards from lastClaimedEpoch to currentEpoch - 1 and adds them to unclaimedRewards.
Subsequently, within the conditional block that checks for unredeemedEpoch, the function again calculates rewards for the same period (from unredeemedEpoch to currentEpoch - 1) and adds them to unclaimedRewards.

function _redeem(address sender) internal {

//1. Get user data

UserData storage ud = userData[sender];

ud.unclaimedRewards +=

calculateReward(ud.totalStaked, ud.lastClaimedEpoch, currentEpoch - 1);

ud.lastClaimedEpoch = currentEpoch - 1;

if (ud.unredeemedEpoch > 0 && ud.unredeemedEpoch < currentEpoch) {

// 2. Calculate rewards for all deposits since last redeemed, there will be only 1 pending unredeemed epoch

DepositReceipt memory deposit = deposits[sender][ud.unredeemedEpoch];

// 3. Update last redeemed and pending rewards

ud.unclaimedRewards += calculateReward(

deposit.staked + deposit.vestedStaked, ud.unredeemedEpoch, currentEpoch - 1

);

ud.unredeemedEpoch = 0;

ud.totalStaked += (deposit.staked + deposit.vestedStaked);

}

Impact

Users will receive rewards that are significantly higher than what they are entitled to.

Tools Used

Manual Code Review

Recommendations

Ensure that the reward for the unredeemedEpoch is only calculated and added once.

Updates

Lead Judging Commences

inallhonesty Lead Judge

10 months ago

inallhonesty Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

662

30 USDC / LOC

High Medium

16,000 USDC

Low

2,500 USDC

Judges

1,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.