Fjord Token Staking
Fjord
DeFiFoundry
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Potential Issue with Claimable Amount Calculation in FjordStaking Contract

lonwolfdemon

Summary

The claimTokens function in the FjordAuction contract may result in users receiving a claimable amount of zero due to the effects of integer division and rounding in Solidity, particularly when userBids are small relative to totalBids.

Vulnerability Details

In the calculation:

uint256 claimable = userBids.mul(multiplier).div(PRECISION_18);

  • If totalBids is large and userBids is small, the multiplier becomes very small. Consequently, the product of userBids and multiplier might be less than PRECISION_18, leading to a claimable amount of zero after integer division.

Example Scenario

  • Values:

    • totalTokens = 1,000

    • totalBids = 1,000,000

    • userBids = 1

  • Calculation:

    • multiplier = (1,000 * 10^18) / 1,000,000 = 1 * 10^15

    • claimable = (1 * 1 * 10^15) / 10^18 = 0.001, which truncates to 0.

Impact

Users with small bids may receive no rewards, which can lead to dissatisfaction and perceived unfairness in the bidding process.

Tools Used

manual review

Recommendations

  1. Set a Minimum Claimable Amount: Implement a threshold to ensure that users receive a minimum amount when claiming.

  2. Adjust Precision Handling: Consider using higher precision (e.g., PRECISION_36) if necessary, but ensure consistency throughout the contract.

Updates

Lead Judging Commences

inallhonesty Lead Judge
10 months ago
inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Low decimal tokens or super small bids can lead to 0 claims

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.