DeFiFoundry
20,000 USDC
Submission Details
Severity: high
Invalid

Attack can happen if a user calls `stake` at the end of an epoch period

Summary

A `stake` call made close to the end of an epoch period is vulnerable to a griefing attack.

Vulnerability Details

Users can stake FJORD tokens to earn staking rewards. Rewards are distributed per epoch, and one epoch is 7 days long. If one user stakes on day 1 of an epoch and a second user stakes on day 7 of the same epoch, both users receive the same staking reward for that epoch; this is the protocol's intended business logic. It follows that every user is incentivised to stake their tokens as late in the epoch as possible to maximise their rewards.

If a user stakes tokens 1 minute before the end of the epoch period, two outcomes are possible depending on when the transaction is mined:

  • If the transaction is mined before the end of the epoch period, the user receives the reward for the current epoch and for the next epoch.

  • If the transaction is mined after the end of the epoch period, the user receives the reward for the next epoch only, because the epoch has already rolled over.

Attackers can grief honest stakers by front-running `stake` with a series of dummy transactions that fill the block. If `stake` is mined after the end of the epoch period, the staker does not receive the reward for that epoch. The only way to avoid this is to call `stake` well before the end of the lockPeriod, when block stuffing is not feasible, which reduces the reward the staker can earn.

```solidity
function stake(uint256 _amount) external checkEpochRollover redeemPendingRewards {
    //CHECK
    if (_amount == 0) revert InvalidAmount();
    //EFFECT
    userData[msg.sender].unredeemedEpoch = currentEpoch;
    DepositReceipt storage dr = deposits[msg.sender][currentEpoch];
    if (dr.epoch == 0) {
        dr.staked = _amount;
@>      dr.epoch = currentEpoch;
        _activeDeposits[msg.sender].add(currentEpoch);
    } else {
        dr.staked += _amount;
    }
    newStaked += _amount;
    //INTERACT
    fjordToken.safeTransferFrom(msg.sender, address(this), _amount);
    points.onStaked(msg.sender, _amount);
    emit Staked(msg.sender, currentEpoch, _amount);
}
```

Impact

The user receives less staking reward than intended.

Tools Used

Manual Review

Recommendations

The protocol can mitigate this by distributing rewards according to the timestamp at which each user staked, i.e. weighting rewards by time actually staked within the epoch.
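The following Python model is an added example, not code from the submission or the Fjord protocol. It contrasts the epoch-granular accounting described in the Vulnerability Details section (a deposit mined anywhere inside an epoch earns the full epoch share) with the time-weighted accounting suggested in the Recommendations, and walks through the two timing outcomes for a stake mined one second before versus one second after the rollover. The per-epoch reward amount, staker names and amounts are constructed values; the real contract's reward maths is not reproduced here.

```python
# Added example (not protocol code): compare epoch-granular vs time-weighted reward accounting.
EPOCH_LENGTH = 7 * 24 * 3600   # 7-day epochs, as described in the report
EPOCH_REWARD = 1000            # constructed: reward units distributed per epoch (assumption)


def epoch_at(ts: int, epoch1_start: int) -> int:
    """1-based epoch number containing timestamp ts."""
    return (ts - epoch1_start) // EPOCH_LENGTH + 1


def epoch_bounds(epoch: int, epoch1_start: int):
    """[start, end) timestamps of the given epoch."""
    start = epoch1_start + (epoch - 1) * EPOCH_LENGTH
    return start, start + EPOCH_LENGTH


def epoch_granular_rewards(stakes, epoch, epoch1_start):
    """Model of the reported logic: any stake mined in or before `epoch` earns a full share of it.

    stakes: list of (staker, amount, mined_ts). Returns {staker: reward for `epoch`}.
    """
    eligible = {}
    for staker, amount, mined_ts in stakes:
        if epoch_at(mined_ts, epoch1_start) <= epoch:
            eligible[staker] = eligible.get(staker, 0) + amount
    total = sum(eligible.values())
    if total == 0:
        return {}
    return {s: EPOCH_REWARD * a / total for s, a in eligible.items()}


def time_weighted_rewards(stakes, epoch, epoch1_start):
    """Recommended accounting: weight each stake by amount * seconds staked inside `epoch`."""
    start, end = epoch_bounds(epoch, epoch1_start)
    weights = {}
    for staker, amount, mined_ts in stakes:
        seconds = max(0, end - max(start, mined_ts))   # 0 if mined after the epoch ended
        weights[staker] = weights.get(staker, 0) + amount * seconds
    total = sum(weights.values())
    if total == 0:
        return {}
    return {s: EPOCH_REWARD * w / total for s, w in weights.items()}


def timing_scenarios(epoch1_start: int = 0):
    """Bob submits a stake shortly before epoch 1 ends; it lands 1 s before or 1 s after rollover."""
    end_of_epoch1 = epoch1_start + EPOCH_LENGTH
    alice = ("alice", 100, epoch1_start + 86400)            # constructed: staked on day 1
    bob_in_time = ("bob", 100, end_of_epoch1 - 1)           # mined before the rollover
    bob_delayed = ("bob", 100, end_of_epoch1 + 1)           # mined after the rollover
    return {
        "epoch_model_in_time": epoch_granular_rewards([alice, bob_in_time], 1, epoch1_start),
        "epoch_model_delayed": epoch_granular_rewards([alice, bob_delayed], 1, epoch1_start),
        "time_weighted_in_time": time_weighted_rewards([alice, bob_in_time], 1, epoch1_start),
        "time_weighted_delayed": time_weighted_rewards([alice, bob_delayed], 1, epoch1_start),
    }


if __name__ == "__main__":
    for name, result in timing_scenarios().items():
        print(name, result)
```

Under the epoch-granular model a one-second delay flips Bob's epoch-1 reward from half the pool to nothing, which is the cliff a block-stuffer exploits. Under the time-weighted model Bob's reward for a last-minute stake is already close to zero whether or not the transaction is delayed, so there is no cliff to grief and no incentive to crowd `stake` calls into the final block of an epoch.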

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
