Fjord Token Staking
Fjord
DeFiFoundry
20,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

pendingRewards calculation is distributing more tokens than intended

0xrochimaru

Summary

The method _checkEpochRollover() calculates the received rewards on each epoch and calculates reward per token. The pendingRewards is inflated because the vested amount received by the Sablier stream is calculated as part of pendingRewards.

Vulnerability Details

The calculation of pendingRewards is as follows. totalStaked and newStaked includes totalVestedStaked and newVestedStaked. So they as added as the vested tokens are not streamed in the staking contract. It's assumption is the new rewards sent to the contract by the distributor will be the pendingRewards. But it also includes the sablier streamed payment. That payment is also getting considered in the pendingRewards.

uint256 pendingRewards = (currentBalance + totalVestedStaked + newVestedStaked)
- totalStaked - newStaked - totalRewards;

https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordStaking.sol#L702

Impact

  • Alice stakes $10 in stake() and $30 NFT with unstakeVested().

  • Reward Distributor sends $5 to the staking contract.

  • Now, Sablier sends $5 steam to the staking contract.

  • The pendingRewards will be $50 + $30 - $40 = $10. Only $5 was sent as a reward pool for current epoch but $5 of steam is also considered as rewards making total rewards as $10

Tools Used

Vs Code

Recommendations

Instead of calculating with balanceOf, we can save the distributed rewards and directly use that amount for pendingRewards calculation.

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.