DeFiFoundry
20,000 USDC
Submission Details
Severity: high
Invalid

Incorrect Reward Accounting Due to Improper Function Ordering in FjordStaking::addReward

Summary

In _checkEpochRollover(), the function calculates pending rewards based on the current balance:

uint256 currentBalance = fjordToken.balanceOf(address(this));
uint256 pendingRewards = (currentBalance + totalVestedStaked + newVestedStaked)
    - totalStaked - newStaked - totalRewards;

If the following order is executed, this will include the newly added rewards, potentially leading to incorrect reward distributions.

fjordToken.safeTransferFrom(msg.sender, address(this), _amount);
_checkEpochRollover();

Vulnerability Details

By calling _checkEpochRollover() first, we ensure that the reward is added to the correct epoch. This is particularly important if the addReward call happens right at an epoch boundary. If _checkEpochRollover() makes significant state changes (like updating totalStaked or distributing rewards), it's better to do these before adding new rewards to ensure a consistent state.

Impact

Leads to incorrect reward distributions

Tools Used

Manual Review

Recommendations

Change the execution order in the addReward function.

- fjordToken.safeTransferFrom(msg.sender, address(this), _amount);
_checkEpochRollover();
+ fjordToken.safeTransferFrom(msg.sender, address(this), _amount);
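
Review bot: The reordering around the `_checkEpochRollover()` line comes with no demonstration that the existing order misattributes rewards. With the transfer moved after the call, `_amount` is no longer part of `currentBalance` when `pendingRewards` is computed, so it would only enter that calculation at a later rollover. The recommendation should state which epoch a reward added at an epoch boundary is meant to count toward, and include a test that calls addReward at the boundary and compares the resulting distribution under both orders.
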
Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
