Fjord Token Staking

Summary

The claimReward function incorrectly handles the penalty amount for early claims, resulting in the penalty being locked in the contract and not being redistributed or managed appropriately. The function reduces totalRewards by the sum of both the reward and penalty amounts, but the penalty amount remains within the contract rather than being allocated or transferred as required.

Vulnerability Details

In the claimReward function:

• The reward amount is correctly distributed to the user, but the penalty amount is not transferred or redistributed.

• The penalty is deducted from totalRewards but is not sent to any account or handled in any way.

• As a result, the penalty amount is essentially locked in the contract and not effectively utilized or transferred according to the intended business logic.

Impact

The main consequence is that the penalty amount is never redistributed or made available for use, which could lead to:

• Unutilized funds within the contract that could have been used for other purposes or returned to stakeholders.

• Potential discrepancies in the contract's reward management, as the penalties are not properly managed or accounted for.

Tools Used

Manual Code Review

Recommendations

To resolve the issue, consider the following actions:

1. Redistribute or Transfer Penalty Amount: Implement logic to transfer the penalty amount to a designated account, such as the contract owner’s address, or a specified account for handling penalties.

2. Simplify Reward Deduction: The line userData[msg.sender].unclaimedRewards -= (rewardAmount + penaltyAmount) can be simplified to userData[msg.sender].unclaimedRewards = 0, as the penalty and reward amounts together equal the unclaimedRewards.

3. Update Business Logic: Ensure that the business logic is clearly defined for handling penalty amounts, either by transferring them to a specific address or by incorporating them into another part of the contract’s functionality.