Fjord Token Staking

Summary

The FjordStaking contract has a problem where users can't start a new claim after completing a previous one. This happens because the claim receipt isn't cleared after a claim is processed, causing issues when users try to make new claims.

Vulnerability Details

Claim Check Issue:

• Code: if (claimReceipts[msg.sender].requestEpoch > 0 || claimReceipts[msg.sender].requestEpoch >= currentEpoch - 1) revert ClaimTooEarly();

• Problem: Users are blocked from claiming if requestEpoch isn't reset.

• Setting Claim:

  • Code: claimReceipts[msg.sender] = ClaimReceipt({ requestEpoch: currentEpoch, amount: ud.unclaimedRewards });

  • Current Behavior: Sets the request epoch but doesn’t clear it afterward.

• Completing a Claim:

  • Code: if (currentEpoch - cr.requestEpoch <= claimCycle) revert CompleteRequestTooEarly();

  • Problem: The contract checks if the claim is too early but doesn't reset the claimReceipts after completion.

• Missing Reset:

  • Code: delete claimReceipts[msg.sender]; is not included.

  • Problem: Receipts aren’t deleted, causing blocks on new claims.

Impact

stops user from claiming second time they interact with the claim function

Tools Used

manual code review

Recommendations

Add delete claimReceipts[msg.sender] to the completeClaimRequest function. This will clear the old receipt and allow users to make new claims.