https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordStaking.sol#L637
https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordStaking.sol#L673
Users are expected to claim their rewards 21 days after getting their ClaimReceipt via the claimReward function.
The contract measures the 21 days in epochs, where 1 epoch is equivalent to 1 week, so a user should be able to claim the amount from their receipt after 3 epochs.
But because the check on the time elapsed since receipt creation is implemented incorrectly, the user cannot claim their receipt amount even after 21 days; a user who staked at the start of an epoch can claim only after 28 days.
The vulnerability is in the time-checking mechanism for claiming the amount from a receipt.
The implementation checks 21 days in terms of epochs as follows:
Here, requestEpoch denotes the epoch at which the request is created, and redeeming is allowed only after 3 epochs have completed from the current epoch.
Suppose a user gets their receipt at the start of epoch 4; they will then be allowed to redeem their receipt after 3 epochs from epoch 4, i.e., at epoch 8.
Therefore, in the above example the user's receipt was withdrawn at epoch 8 but was created at the start of epoch 4, leaving a full gap of epochs 4, 5, 6 and 7, which equals a time difference of 4 epochs = 4 weeks = 4 * 7 days = 28 days.
Thus, the above example demonstrates that the current implementation allows that user to redeem their receipt only after 28 days. This arises from checking that enough time has passed in terms of epochs instead of using the timestamp at which the receipt was generated.
In the scenario discussed above, the user will not be able to claim after 21 days have passed.
Manual Review
Instead of using epochs to check that 21 days have passed since receipt generation, use the block timestamp.
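The following Python model is an added example, not code from FjordStaking. It compares the epoch-based check described in this finding with the recommended timestamp-based check. The function names, the 1-based epoch numbering and the START value are assumptions made for illustration.

```python
# Added model of the timing, not FjordStaking code; names and 1-based epoch numbering are assumed.
DAY = 24 * 60 * 60
EPOCH = 7 * DAY      # page: 1 epoch = 1 week
CLAIM_CYCLE = 3      # page: 3 epochs = 21 days
START = 0            # assumed timestamp at which epoch 1 begins


def epoch_at(ts):
    """Epoch number that contains timestamp ts."""
    return (ts - START) // EPOCH + 1


def epoch_start(epoch):
    """First second of the given epoch."""
    return START + (epoch - 1) * EPOCH


def claimable_epoch_check(request_ts, now):
    """Check as the finding describes it: request in epoch 4 -> claimable in epoch 8."""
    return epoch_at(now) - epoch_at(request_ts) > CLAIM_CYCLE


def claimable_timestamp_check(request_ts, now):
    """Recommended check: 21 days counted from the receipt's own timestamp."""
    return now - request_ts >= CLAIM_CYCLE * EPOCH


def earliest_claim(request_ts, check):
    """First second at which `check` passes (binary search; check is monotone in now)."""
    lo, hi = request_ts, request_ts + 5 * EPOCH
    while lo < hi:
        mid = (lo + hi) // 2
        if check(request_ts, mid):
            hi = mid
        else:
            lo = mid + 1
    return lo


def wait_days(request_ts, check):
    """Days between receipt creation and the first moment the claim is accepted."""
    return (earliest_claim(request_ts, check) - request_ts) / DAY


if __name__ == "__main__":
    # Constructed sample: receipts created 0..6 days into epoch 4.
    for offset in range(7):
        ts = epoch_start(4) + offset * DAY
        print(offset, wait_days(ts, claimable_epoch_check),
              wait_days(ts, claimable_timestamp_check))
```

In this model the epoch-based wait shrinks from 28 days for a receipt created at the start of an epoch to just over 21 days for one created at its very end, while the timestamp check gives 21 days in every case.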