The unstake function in the FjordStaking contract is vulnerable to epoch manipulation, allowing users to bypass the required lock-up period. This can lead to premature withdrawals of tokens, undermining the intended lock cycle.
The lock cycle requires users to wait 6 epochs before unstaking. However, users can exploit this by providing an earlier epoch value (e.g., epoch 1) even if their deposit was made in a later epoch (e.g., epoch 5). The function does not verify that the supplied epoch matches the actual deposit epoch or that the lock cycle has elapsed, allowing early unstaking.
There is no check that an unstake request is valid with respect to the actual deposit epoch. This allows users to bypass the lock cycle by manipulating the epoch value.
Manual Review
Ensure that unstake operations are validated against the actual deposit epoch to enforce the lock cycle requirement.
Stop taking the epoch parameter explicitly from the user; instead derive it automatically from the deposit record the contract already stores.
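The following is an added example illustrating the recommendation; it is not FjordStaking's code or the contest project's own implementation. It is a hypothetical minimal staking contract that assumes native ETH as the staked asset and fixed-length epochs counted from deployment (both simplifications, and both assumptions), and it keeps the 6-epoch lock cycle stated in the report. The key property is that unstake takes a deposit index rather than an epoch, and reads the deposit epoch from storage for the lock check.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// @notice Hypothetical minimal staking contract written for this report.
/// It is NOT FjordStaking's code. It assumes epochs are fixed-length time
/// windows counted from deployment and that native ETH is the staked asset;
/// both are simplifications chosen to keep the example self-contained.
contract EpochLockedStaking {
    /// @dev Number of epochs a deposit must wait before it can be unstaked.
    uint256 public constant LOCK_CYCLE = 6;

    uint256 public immutable epochDuration; // seconds per epoch (assumed)
    uint256 public immutable startTime;     // epoch 0 begins at deployment

    struct Deposit {
        uint256 amount;
        uint256 epoch; // recorded by the contract at stake time, never by the caller
    }

    mapping(address => Deposit[]) private _deposits;

    event Staked(address indexed user, uint256 index, uint256 amount, uint256 epoch);
    event Unstaked(address indexed user, uint256 index, uint256 amount, uint256 epoch);

    constructor(uint256 epochDuration_) {
        require(epochDuration_ > 0, "epoch duration");
        epochDuration = epochDuration_;
        startTime = block.timestamp;
    }

    /// @notice Epoch derived from chain time, not from user input.
    function currentEpoch() public view returns (uint256) {
        return (block.timestamp - startTime) / epochDuration;
    }

    function stake() external payable {
        require(msg.value > 0, "zero stake");
        uint256 epoch = currentEpoch();
        _deposits[msg.sender].push(Deposit({amount: msg.value, epoch: epoch}));
        emit Staked(msg.sender, _deposits[msg.sender].length - 1, msg.value, epoch);
    }

    /// @notice Unstake one deposit. The caller picks WHICH deposit (by index);
    /// the deposit epoch used for the lock check comes from storage, so a
    /// caller cannot substitute an earlier epoch to skip the lock cycle.
    function unstake(uint256 index) external {
        Deposit[] storage list = _deposits[msg.sender];
        require(index < list.length, "bad index");
        Deposit storage d = list[index];
        require(d.amount > 0, "already unstaked");

        // Lock-cycle enforcement against the recorded deposit epoch.
        uint256 unlockEpoch = d.epoch + LOCK_CYCLE;
        require(currentEpoch() >= unlockEpoch, "lock cycle not elapsed");

        uint256 amount = d.amount;
        d.amount = 0; // effects before interaction
        emit Unstaked(msg.sender, index, amount, d.epoch);
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    /// @notice Read-only helper: is deposit `index` of `user` unlockable now?
    function isUnlockable(address user, uint256 index) external view returns (bool) {
        Deposit[] storage list = _deposits[user];
        if (index >= list.length || list[index].amount == 0) return false;
        return currentEpoch() >= list[index].epoch + LOCK_CYCLE;
    }
}
```

With this shape, a caller who tries to pass an earlier epoch has no parameter to pass it through: the only user-controlled input is the deposit index, and the require on `currentEpoch() >= d.epoch + LOCK_CYCLE` is evaluated against the epoch the contract itself recorded at stake time. The `isUnlockable` view gives reviewers and front-ends a way to confirm the lock state without changing storage.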