Fjord Token Staking
Fjord
DeFiFoundry
20,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

FjordStaking::_redeem Function Makes the Contract Unusable

GeorgiT

Summary

In FjordStaking contract

Vulnerability Details

In FjordStaking::_redeem when calculateReward function is called, last parameter - _toEpoch is set to be currentEpoch - 1 :

ud.unclaimedRewards += calculateReward(
deposit.staked + deposit.vestedStaked, ud.unredeemedEpoch, currentEpoch - 1
);

As currentEpoch is set to 1 in the constructor that makes function calculateReward to be called with a 0 as last parameter.

function calculateReward(uint256 _amount, uint16 _fromEpoch, uint16 _toEpoch)
internal
view
returns (uint256 rewardAmount)
{
rewardAmount =
(_amount * (rewardPerToken[_toEpoch] - rewardPerToken[_fromEpoch])) / PRECISION_18;
}

As 0 is not a valid epoch function will either calculate wrong value or most probably revert as uint cannot be negative. That causes bigger issue as redeemPendingRewards modifier also reverts and currentEpoch is never changed as the only function that changes it is checkEpochRollover which changes are not saved as it is used always with redeemPendingRewards which will revert.

Impact

The whole contract will become unusable.

Tools Used

Manual Review

Recommendations

Add checks to ensure that currentEpoch - 1 > 0

Updates

Lead Judging Commences

inallhonesty Lead Judge
10 months ago
inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.