The FjordStaking contract contains a vulnerability where users staking at the end of an epoch receive the same rewards as users who staked at the beginning of the epoch. This creates an unfair advantage for users who can time their stakes, allowing them to maximize rewards while minimizing the time their funds are locked.
The vulnerability originates from how the contract handles new stakes and calculates rewards:
- New stakes are added to newStaked, not totalStaked.
- totalStaked is only updated at epoch rollover.
- Rewards are calculated based on totalStaked, excluding newStaked.
This means that all stakes made within an epoch, regardless of when they were made, are treated equally for reward distribution at the end of that epoch.
Fairness: Users staking for shorter periods within an epoch receive disproportionately high rewards compared to those who stake for the full epoch.
Potential for Exploitation: Knowledgeable users could consistently exploit this to maximize their rewards at the expense of other users.
Manual Review
Implement a pro-rata reward system: Calculate rewards based on the exact duration of staking within an epoch. This would require tracking the timestamp of each stake and adjusting the reward calculation accordingly.
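The difference between the described behaviour and the recommended pro-rata weighting can be seen in a simplified accounting model. This is an added example, not code from the FjordStaking contract; the `Stake` record, both function names, the 7-day epoch length and the sample amounts are assumptions made for illustration.

```python
from dataclasses import dataclass

EPOCH_DURATION = 7 * 24 * 3600  # assumed epoch length in seconds (not from the page)

@dataclass(frozen=True)
class Stake:
    user: str
    amount: int      # tokens staked
    staked_at: int   # seconds elapsed since the epoch started

def flat_shares(stakes, epoch_reward):
    """Behaviour described in the finding: weight is the amount only,
    so the moment of staking inside the epoch does not matter."""
    weights = {}
    for s in stakes:
        weights[s.user] = weights.get(s.user, 0) + s.amount
    total = sum(weights.values())
    if total == 0:
        return {u: 0 for u in weights}
    return {u: epoch_reward * w // total for u, w in weights.items()}

def pro_rata_shares(stakes, epoch_reward, epoch_duration=EPOCH_DURATION):
    """Recommended fix: weight is amount * seconds actually staked
    within the epoch, which requires recording each stake's timestamp."""
    weights = {}
    for s in stakes:
        if not 0 <= s.staked_at <= epoch_duration:
            raise ValueError(f"stake time outside epoch: {s}")
        held = epoch_duration - s.staked_at
        weights[s.user] = weights.get(s.user, 0) + s.amount * held
    total = sum(weights.values())
    if total == 0:  # everyone staked exactly at the epoch boundary
        return {u: 0 for u in weights}
    # Integer floor division, as on-chain arithmetic would round down.
    return {u: epoch_reward * w // total for u, w in weights.items()}

# Constructed sample: equal amounts, one stake at the start of the
# epoch and one 60 seconds before it ends.
SAMPLE = [
    Stake("alice", 1000, 0),
    Stake("bob", 1000, EPOCH_DURATION - 60),
]
SAMPLE_REWARD = 604_860  # constructed value chosen so the split is exact

if __name__ == "__main__":
    print("flat    :", flat_shares(SAMPLE, SAMPLE_REWARD))
    print("pro-rata:", pro_rata_shares(SAMPLE, SAMPLE_REWARD))
```

With time-weighting, the 60-second stake earns a share proportional to 60 seconds of exposure instead of half the pool.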