The unstake function in the FjordStaking contract has a vulnerability that allows users to bypass the intended lock-up period by supplying a chosen epoch value. This issue can be exploited to unstake tokens even though the lock cycle period hasn't elapsed, potentially leading to unfair early withdrawals.
Bypassing Lock Cycle: For instance, if the lock cycle is set to 6 epochs, a user should wait 6 epochs after their deposit before unstaking (unless they unstake within the current epoch period). If a user deposits in epoch 5, they are expected to wait until epoch 11 (5 + 6) to unstake. However, by providing epoch 1 (much earlier than their actual deposit epoch), the function never checks the deposit epoch and incorrectly allows the user to unstake early.
Lack of Deposit Check: The function lacks a check that verifies the actual deposit epoch against the lock cycle period. As a result, users can manipulate the epoch value to avoid the intended waiting period and withdraw tokens prematurely. The function needs to check currentEpoch against the depositedEpoch.
Bypassing Lock Cycle: Users can unstake their tokens immediately, regardless of their actual deposit epoch, as long as the provided epoch is sufficiently old. This undermines the lock cycle mechanism intended to prevent early unstaking for users who do not claim within the current epoch period.
Tools Used: Manual Code Review
Epoch Validation: Ensure that the provided epoch is validated against the user's actual deposit epochs. Do not allow users to specify an epoch value when calling the unstake function. Instead, determine the epoch automatically from the user's deposit history.
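The following is an added, simplified model of the pattern described above, not code from the FjordStaking contract: it places the caller-supplied-epoch version of unstake beside the recommended form that derives the epoch from the stored deposit record. The contract, its storage layout and the names lockCycle, currentEpoch, depositedEpoch, stakeOf, unstakeUnchecked and unstake are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal staking model (not the FjordStaking code) showing the
// lock-cycle check from the finding. All names here are assumed.
contract EpochLockExample {
    uint16 public constant lockCycle = 6; // lock cycle of 6 epochs, as in the finding
    uint16 public currentEpoch;           // advanced by a keeper in a real system

    mapping(address => uint256) public stakeOf;        // staked balance per user
    mapping(address => uint16) public depositedEpoch;  // epoch of the user's last deposit

    function advanceEpoch() external {
        currentEpoch += 1;
    }

    function stake(uint256 amount) external {
        stakeOf[msg.sender] += amount;
        depositedEpoch[msg.sender] = currentEpoch; // the only trustworthy deposit epoch
    }

    // Vulnerable pattern: the lock check runs against the epoch the caller
    // supplies, never against the recorded deposit epoch. A user who deposited
    // in epoch 5 can pass epoch 1 and satisfy the check at epoch 7.
    function unstakeUnchecked(uint16 epoch, uint256 amount) external {
        require(epoch + lockCycle <= currentEpoch, "lock cycle not elapsed");
        stakeOf[msg.sender] -= amount; // underflow reverts in 0.8.x
    }

    // Recommended form: no epoch argument; the deposit epoch comes from storage,
    // so a deposit in epoch 5 cannot be withdrawn before epoch 11.
    function unstake(uint256 amount) external {
        require(
            depositedEpoch[msg.sender] + lockCycle <= currentEpoch,
            "lock cycle not elapsed"
        );
        stakeOf[msg.sender] -= amount;
    }
}
```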