Fjord Token Staking
Fjord
DeFiFoundry
20,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

FJO token can be locked in the contract

unique

Summary

The unstakeVested() function handles both partial and full unstaking of vested tokens. However, if the function is called with a partial amount, it does not transfer the tokens back. The function only initiates a token transfer if it is fully unstaking vested tokens. This means that in the case of partial unstaking, the tokens remain locked within the contract.

Vulnerability Details

suppose onSteamCanceledis called by Sliber Contract and they choose less amount so inside of onStreamCancled function _unstakeVested() will be called

_unstakeVested(streamOwner, streamId, amount);

so because it does not fully amount to the unstakeVested the function will not transfer any amount

if (isFullUnstaked) {
sablier.transferFrom({ from: address(this), to: streamOwner, tokenId: _streamID });
}

https://github.com/Cyfrin/2024-08-fjord/blob/0312fa9dca29fa7ed9fc432fdcd05545b736575d/src/FjordStaking.sol#L840

https://github.com/Cyfrin/2024-08-fjord/blob/0312fa9dca29fa7ed9fc432fdcd05545b736575d/src/FjordStaking.sol#L521

Impact

FJO token can be locked in the contract

Recommendations

a mechanism should be added to the unstakeVested() function that allows for the transfer of tokens even when the user is not fully unstaking.

Updates

Lead Judging Commences

inallhonesty Lead Judge
10 months ago
inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.