No increase of totalStaked and totalVestedStaked in stake()::FjordStaking.sol and stakeVested()::FjordStaking.sol
Summary
If there is a decrease of totalStaked and totalVestedStaked when unstaking or unstakingVested, it means it should be an increase of totalStaked and totalVestedStaked when staking or stakingVested.
But there is not.
Vulnerability Details
In unstake()::FjordStaking.sol, there is a decrease of totalStakedwhich represents the total amount that is staked.
https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordStaking.sol#L471
Same thing for totalStaked and totalVestedStaked in unstakeVested()::FjordStaking.sol:
https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordStaking.sol#L531
=> But when we look at the code of stake()::FjordStaking.sol and stakeVested()::FjordStaking.sol, there isn't any increase of totalStaked nor totalVestedStaked.
https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordStaking.sol#L368-L439
Impact
Wrong calculation of totalStaked and totalVestedStaked could break the protocol.
Tools Used
Github, VisualCode, Foundry.
Recommendations
Add an increase of totalStaked and totalVestedStaked by the _amount when stake() or stakeVested() to keep a good track of the total amount staked.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.