DeFiFoundry
20,000 USDC
Submission Details
Severity: medium
Invalid

Stream senders cannot cancel streams when the recipient has vestedStaked tokens in `FjordStaking`.

Summary

The way FjordStaking::onStreamCanceled is implemented makes it impossible for the stream sender to cancel streams.

Vulnerability Details

According to the Sablier documentation (Link To Docs):

onSablierLockupCancel
Responds to cancellations.

Notes:

  • The function MUST return the selector ISablierLockupRecipient.onSablierLockupCancel.selector.

  • If this function reverts, the execution in the Lockup contract will revert as well.


FjordStaking::onStreamCanceled does not return ISablierLockupRecipient.onSablierLockupCancel.selector

```solidity
function onStreamCanceled(
    uint256 streamId,
    address sender,
    uint128 senderAmount,
    uint128 /*recipientAmount*/
) external override onlySablier checkEpochRollover {
    address streamOwner = _streamIDOwners[streamId];
    if (streamOwner == address(0)) revert StreamOwnerNotFound();
    _redeem(streamOwner);
    NFTData memory nftData = _streamIDs[streamOwner][streamId];
    uint256 amount =
        uint256(senderAmount) > nftData.amount ? nftData.amount : uint256(senderAmount);
    _unstakeVested(streamOwner, streamId, amount);
    emit SablierCanceled(streamOwner, streamId, sender, amount);
}
```

Link to code Line 823

As you can see above, the bytes4 selector is not returned by the above function to the Sablier contract, hence SablierV2LockUp::_cancel will revert.

SablierV2LockUp::_cancel Line 596

```solidity
if (selector != ISablierLockupRecipient.onSablierLockupCancel.selector) {
    revert Errors.SablierV2Lockup_InvalidHookSelector(recipient);
}
```

By implementing FjordStaking::onStreamCanceled, the developers of the FjordStaking contract show that they wanted to make it possible for stream senders to cancel streams if they want. With this poor implementation of FjordStaking::onStreamCanceled, this service is denied.

Impact

Denial of service to stream senders.

Tools Used

Manual Review

Recommendations

Consider returning the bytes4 selector at the end of the FjordStaking::onStreamCanceled function.

Updates

Lead Judging Commences

inallhonesty Lead Judge
10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
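
The hook-selector handshake described in the quoted Sablier notes, as an added example that is not part of the submission, the judging, or either project's code. `IHookRecipient`, `MockLockup`, `CompliantRecipient` and `NonCompliantRecipient` are hypothetical names; only the hook name `onSablierLockupCancel` and the selector comparison come from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.22;

// Hypothetical minimal interface modelled on the hook quoted from the docs.
interface IHookRecipient {
    function onSablierLockupCancel(
        uint256 streamId, address sender, uint128 senderAmount, uint128 recipientAmount
    ) external returns (bytes4 selector);
}

// Hypothetical stand-in for the lockup side of the exchange.
contract MockLockup {
    error InvalidHookSelector(address recipient);

    function cancel(address recipient, uint256 streamId, uint128 senderAmount, uint128 recipientAmount)
        external
    {
        // A revert inside the hook bubbles up and reverts the cancellation.
        bytes4 selector = IHookRecipient(recipient).onSablierLockupCancel(
            streamId, msg.sender, senderAmount, recipientAmount
        );
        // A hook that runs but returns the wrong value is rejected here.
        if (selector != IHookRecipient.onSablierLockupCancel.selector) {
            revert InvalidHookSelector(recipient);
        }
    }
}

contract CompliantRecipient is IHookRecipient {
    address public immutable lockup;
    mapping(uint256 => uint128) public refunded; // constructed bookkeeping for the example

    constructor(address lockup_) { lockup = lockup_; }

    function onSablierLockupCancel(uint256 streamId, address, uint128 senderAmount, uint128)
        external override returns (bytes4)
    {
        require(msg.sender == lockup, "only lockup"); // restrict the hook to the lockup contract
        refunded[streamId] = senderAmount;
        return IHookRecipient.onSablierLockupCancel.selector;
    }
}

contract NonCompliantRecipient is IHookRecipient {
    function onSablierLockupCancel(uint256, address, uint128, uint128)
        external pure override returns (bytes4)
    {
        return bytes4(0); // wrong value: MockLockup.cancel reverts with InvalidHookSelector
    }
}
```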
