DeFiFoundry
20,000 USDC
Submission Details
Severity: medium
Invalid

Potential DoS due to unbounded iteration in FjordStaking.sol::unstakeAll() function

Vulnerability Details

In FjordStaking.sol, the mapping _activeDeposits is used to account for the epochs in which a user has staked tokens. It is an unbounded array that holds every epoch in which the user has staked tokens.
When the unstakeAll() function is called, it iterates through all eras in which the user has a stake and calculates the staked tokens for every epoch.
An attacker can call stake() with a small amount in every epoch, until the count of epochs in _activeDeposits is too large. By generating a large number of epochs, the attacker causes the array returned by _activeDeposits to become excessively large. This leads to high gas consumption and potential transaction failure due to insufficient gas.

Impact

A malicious user can call FjordStaking.sol::unstakeAll() with a large number of epochs and may interfere with other transactions in any block in which it is included. This will prevent the normal functioning of the protocol.

Tools Used

Manual review

Recommendations

There are 2 ways:

    • Limit the number of iterations in the unstakeAll() function.

    • Set a maximum limit on active deposits.
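
The two recommendations above, sketched as an added example that is not part of the original submission and is not FjordStaking's code. The contract name, `MAX_ACTIVE_EPOCHS`, `EPOCH_DURATION`, `unstakeBatch()` and the simplified per-user bookkeeping are hypothetical; token transfers, rewards and lock periods are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical sketch: only the bounded epoch bookkeeping is modelled.
contract BoundedEpochStaking {
    uint256 public constant MAX_ACTIVE_EPOCHS = 64;   // assumed cap
    uint256 public constant EPOCH_DURATION = 1 weeks; // assumed epoch length
    uint256 public immutable startTime;

    // Per-user list of epochs that still hold a stake, plus the amounts.
    mapping(address => uint256[]) private _activeEpochs;
    mapping(address => mapping(uint256 => uint256)) public staked;

    error TooManyActiveEpochs();
    error ZeroAmount();

    constructor() {
        startTime = block.timestamp;
    }

    function currentEpoch() public view returns (uint256) {
        return (block.timestamp - startTime) / EPOCH_DURATION + 1;
    }

    function activeEpochCount(address user) external view returns (uint256) {
        return _activeEpochs[user].length;
    }

    /// Recommendation 2: refuse a new epoch entry once the cap is reached.
    function stake(uint256 amount) external {
        if (amount == 0) revert ZeroAmount();
        uint256 epoch = currentEpoch();
        if (staked[msg.sender][epoch] == 0) {
            if (_activeEpochs[msg.sender].length >= MAX_ACTIVE_EPOCHS) revert TooManyActiveEpochs();
            _activeEpochs[msg.sender].push(epoch);
        }
        staked[msg.sender][epoch] += amount;
    }

    /// Recommendation 1: handle at most maxEpochs entries per call, so a
    /// long list is drained over several transactions instead of one loop.
    function unstakeBatch(uint256 maxEpochs) external returns (uint256 total) {
        uint256[] storage epochs = _activeEpochs[msg.sender];
        uint256 n = epochs.length < maxEpochs ? epochs.length : maxEpochs;
        for (uint256 i = 0; i < n; ++i) {
            uint256 epoch = epochs[epochs.length - 1];
            epochs.pop();
            total += staked[msg.sender][epoch];
            delete staked[msg.sender][epoch];
        }
        // A real contract would transfer `total` tokens to msg.sender here.
    }
}
```

With the cap in place the worst-case loop length is `MAX_ACTIVE_EPOCHS`, and `unstakeBatch()` lets the caller choose a batch size that fits the block gas limit.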

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

julianavantgarde Submitter
about 1 year ago
inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
