DeFiFoundry
20,000 USDC
Submission Details
Severity: high
Invalid

The `unstakeAll` function incorrectly deletes the `DepositReceipt` from the `deposits` mapping, even when the user still has a staked amount.

Summary

`unstake()` and `vestedStakedand()` have an `if` condition that checks whether a user's `vestedStaked = 0` and `staked = 0`; if it is true, it deletes the `DepositReceipt` from the `deposits` mapping and removes the epoch from the `_activeDeposits` set for the user. But in `unstakeAll()` the `if` condition checks only `vestedStaked = 0`.

Vulnerability Details

If a user calls unstakeAll and has a DepositReceipt with zero dr.vestedStaked but a non-zero dr.staked, the contract will delete the DepositReceipt from the deposits mapping and remove the epoch from the _activeDeposits set for the user.

```solidity
// no vested staked and stake is 0 then delete the deposit
if (dr.vestedStaked == 0) {
    delete deposits[msg.sender][epoch];
    _activeDeposits[msg.sender].remove(epoch);
} else {
    // still have vested staked, then only delete the staked
    dr.staked = 0;
}
```

https://github.com/Cyfrin/2024-08-fjord/blob/0312fa9dca29fa7ed9fc432fdcd05545b736575d/src/FjordStaking.sol#L588

Impact

The user will lose their stake.

Tools Used

Recommendations

+ if (dr.staked == 0 && dr.vestedStaked == 0) {
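
Review bot: the new condition on this line reads dr.staked, yet the only assignment to dr.staked in the quoted block is `dr.staked = 0` in the else branch, which runs after the check. Assuming this line replaces the quoted `if (dr.vestedStaked == 0)`, a receipt with non-zero staked and zero vestedStaked would take the else branch and be kept with staked set to 0 instead of being deleted. The recommendation should include the removed `-` line and state whether the staked amount has already been paid out to the caller before this check, since that decides whether deleting the receipt loses anything; a test that calls unstakeAll and compares the caller's balance and the remaining receipt under both conditions would settle it.
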
Updates

Lead Judging Commences

inallhonesty Lead Judge
10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
