DeFiFoundry
20,000 USDC
Submission Details
Severity: low
Invalid

Low severity issues

[L-1] Unnecessary SafeMath library in contracts

The contracts use the SafeMath library to prevent overflow and underflow. However, Solidity 0.8.21 has built-in checks for overflow and underflow, making the SafeMath library unnecessary in these contracts.

[L-2] PENDING status is accepted as a warm stream in the FjordStaking contract

When stakeVested is called, the contract checks whether the stream is a warm stream.

function stakeVested(uint256 _streamID) external checkEpochRollover redeemPendingRewards {
    //CHECK
    if (!sablier.isStream(_streamID)) revert NotAStream();
    if (sablier.isCold(_streamID)) revert NotAWarmStream();
    ...
}

https://github.com/Cyfrin/2024-08-fjord/blob/14cab810598ddda6008d9523d0ed4a428b1b1153/src/FjordStaking.sol#L397-L439

The sablier.isCold() function returns true only when the status of the stream is SETTLED, CANCELED, or DEPLETED. As a result, the check in stakeVested treats both PENDING and STREAMING statuses as "warm". However, PENDING means the stream has been created but not started yet, and it could be scheduled to start far in the future.

function isCold(uint256 streamId) external view override notNull(streamId) returns (bool result) {
    Lockup.Status status = _statusOf(streamId);
    result = status == Lockup.Status.SETTLED || status == Lockup.Status.CANCELED || status == Lockup.Status.DEPLETED;
}

Instead of using sablier.isCold(), it is recommended to explicitly check that the stream status is STREAMING. This ensures that only active streams can be staked.
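One way to express the recommended check next to the existing one, as an added example that is not part of the submission or the Fjord codebase. The names ISablierLockupView, StreamStatusChecks, oldCheckAccepts, strictCheckAccepts and NotAnActiveStream are hypothetical, and the local enum is assumed to match Sablier's Lockup.Status ordering; statusOf is Sablier's external status getter.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.21;

// Added example. The five statuses are the ones named in this finding; the
// member order is an assumption, so import Sablier's own Lockup type in real code.
library Lockup {
    enum Status { PENDING, STREAMING, SETTLED, CANCELED, DEPLETED }
}

// Minimal slice of the Sablier lockup interface needed for the comparison.
interface ISablierLockupView {
    function isStream(uint256 streamId) external view returns (bool);
    function isCold(uint256 streamId) external view returns (bool);
    function statusOf(uint256 streamId) external view returns (Lockup.Status);
}

// Hypothetical helper contrasting the current guard with the stricter one.
abstract contract StreamStatusChecks {
    ISablierLockupView public immutable sablier;

    error NotAStream();
    error NotAnActiveStream(Lockup.Status status); // hypothetical error

    constructor(ISablierLockupView _sablier) {
        sablier = _sablier;
    }

    // Current behaviour: anything that is not cold passes, so PENDING passes.
    function oldCheckAccepts(uint256 _streamID) public view returns (bool) {
        return sablier.isStream(_streamID) && !sablier.isCold(_streamID);
    }

    // Recommended behaviour: only a stream that has actually started passes.
    function strictCheckAccepts(uint256 _streamID) public view returns (bool) {
        return sablier.isStream(_streamID)
            && sablier.statusOf(_streamID) == Lockup.Status.STREAMING;
    }

    // Drop-in guard for a function such as stakeVested.
    function _requireStreaming(uint256 _streamID) internal view {
        // isStream first: statusOf reverts on a null stream id.
        if (!sablier.isStream(_streamID)) revert NotAStream();
        Lockup.Status status = sablier.statusOf(_streamID);
        if (status != Lockup.Status.STREAMING) revert NotAnActiveStream(status);
    }
}
```

For a PENDING stream, oldCheckAccepts returns true while strictCheckAccepts returns false; for a STREAMING stream both return true.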

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
