DeFiFoundry
20,000 USDC
Submission Details
Severity: high
Invalid

Pending rewards are being incorrectly calculated

Summary

In the modifier _checkEpochRollover(), the pending rewards have been calculated incorrectly.

Vulnerability Details

Internal accounting:
New staked: per epoch, total fjord tokens staked also includes new vested-staked amount.
New vestedStaked: per epoch total vested-staked amount
Total staked: contains total fjord tokens staked excluding current epoch amount + total vestedStaked.
Total vestedStaked: contains the total vested-staked amount before the current epoch.
Total rewards: added reward amount by the reward admin

Now the current balance would be the balance of the contract, which would be:
Total staked + new staked + rewards.

Now the _checkEpochRollover modifier's main functionality is to update the epoch rollover and also update the pending rewards amount.
Here lies our main issue:

    function _checkEpochRollover() internal {
        uint16 latestEpoch = getEpoch(block.timestamp);
        if (latestEpoch > currentEpoch) {
            //Time to rollover
            currentEpoch = latestEpoch;
            if (totalStaked > 0) {
                uint256 currentBalance = fjordToken.balanceOf(address(this));
                // no distribute the rewards to the users coming in the current epoch
                uint256 pendingRewards = (currentBalance + totalVestedStaked + newVestedStaked)
                    - totalStaked - newStaked - totalRewards; //---------ISSUE-------//
                uint256 pendingRewardsPerToken = (pendingRewards * PRECISION_18) / totalStaked;
                totalRewards += pendingRewards;
                for (uint16 i = lastEpochRewarded + 1; i < currentEpoch; i++) {
                    rewardPerToken[i] = rewardPerToken[lastEpochRewarded] + pendingRewardsPerToken;
                    emit RewardPerTokenChanged(i, rewardPerToken[i]);
                }
            } else {
                for (uint16 i = lastEpochRewarded + 1; i < currentEpoch; i++) {
                    rewardPerToken[i] = rewardPerToken[lastEpochRewarded];
                    emit RewardPerTokenChanged(i, rewardPerToken[i]);
                }
            }
            totalStaked += newStaked;
            totalVestedStaked += newVestedStaked;
            newStaked = 0;
            newVestedStaked = 0;
            lastEpochRewarded = currentEpoch - 1;
        }
    }

The pending rewards calculation would be: current balance of the contract - (total accounted tokens - rewards),
i.e. pendingRewards = currentBalance - (totalStaked + newStaked - totalRewards);
which is different from what has been implemented. This is due to the double counting of the amount in the variables.

Impact

Incorrect calculation of rewards

Tools Used

Manual review

Recommendations

Implement the right calculations as mentioned in the vulnerability detail above.

Updates

Lead Judging Commences

inallhonesty Lead Judge
10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
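
One way to check the two pending-reward expressions against each other, as an added example that is not part of the submission or the project's code: a Python model of the counters listed under "Internal accounting", run on a constructed state. The page does not say whether vested stake is backed by tokens in the contract's balance, so the model evaluates both cases; `fresh_rewards`, `vested_held` and the sample values are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class Ledger:
    total_staked: int         # totalStaked (includes vested stake, per the page)
    total_vested_staked: int  # totalVestedStaked
    new_staked: int           # newStaked (includes new vested stake, per the page)
    new_vested_staked: int    # newVestedStaked
    total_rewards: int        # totalRewards already accounted for (assumed unclaimed)


def balance(l: Ledger, fresh_rewards: int, vested_held: bool) -> int:
    """Contract token balance for a constructed state.
    vested_held is the assumption under test: whether vested stake is
    backed by tokens that sit in the contract's own balance."""
    b = l.total_staked + l.new_staked + l.total_rewards + fresh_rewards
    if not vested_held:
        b -= l.total_vested_staked + l.new_vested_staked
    return b


def pending_implemented(l: Ledger, bal: int) -> int:
    # Expression from _checkEpochRollover() as quoted in the submission
    return (bal + l.total_vested_staked + l.new_vested_staked) \
        - l.total_staked - l.new_staked - l.total_rewards


def pending_proposed(l: Ledger, bal: int) -> int:
    # Expression proposed in the submission
    return bal - (l.total_staked + l.new_staked - l.total_rewards)


def compare(l: Ledger, fresh_rewards: int) -> dict:
    """Map vested_held -> (implemented, proposed) pending rewards."""
    out = {}
    for vested_held in (True, False):
        bal = balance(l, fresh_rewards, vested_held)
        out[vested_held] = (pending_implemented(l, bal), pending_proposed(l, bal))
    return out


# Constructed sample state; 70 tokens of not-yet-accounted rewards were deposited
SAMPLE = Ledger(total_staked=1000, total_vested_staked=300,
                new_staked=200, new_vested_staked=50, total_rewards=400)
RESULT = compare(SAMPLE, fresh_rewards=70)
print(RESULT)
```

An expression is consistent with a given balance assumption only if it returns exactly `fresh_rewards` (70 here) for that case.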
