Fjord Token Staking

Fjord

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Inaccurate Reward Distribution When Multiple Epochs Are Skipped

bladesec

Summary

Due to inaccurate reward distribtin, rewards are distributed over multiple missed epochs.

Vulnerability Details:

The _checkEpochRollover function calculates pendingRewardsPerToken by aggregating all rewards accumulated since the last processed epoch. This total is meant to be distributed over a single epoch, with all pending rewards included in the rewardPerToken for that epoch. But, if multiple epochs are missed, the same pendingRewardsPerToken value is applied across all missed epochs. This could occur an unfairly excessive distribution of rewards.
As well, since totalRewards increases as the pendingRewards value, the rewards available for latter epoches would exceed the intended amount. This discrepancy prevents users from claiming their rightful rewards.

Below is the implementation of _checkEpochRollover function.

function _checkEpochRollover() internal {

uint16 latestEpoch = getEpoch(block.timestamp);

if (latestEpoch > currentEpoch) {

//Time to rollover

currentEpoch = latestEpoch;

if (totalStaked > 0) {

uint256 currentBalance = fjordToken.balanceOf(address(this));

// now distribute the rewards to the users coming in the current epoch

uint256 pendingRewards = (currentBalance + totalVestedStaked + newVestedStaked)

- totalStaked - newStaked - totalRewards;

uint256 pendingRewardsPerToken = (pendingRewards * PRECISION_18) / totalStaked;

totalRewards += pendingRewards;

for (uint16 i = lastEpochRewarded + 1; i < currentEpoch; i++) {

> rewardPerToken[i] = rewardPerToken[lastEpochRewarded] + pendingRewardsPerToken;

emit RewardPerTokenChanged(i, rewardPerToken[i]);

}

} else {

...

}

...

}

Impact

Applying the same pendingRewardsPerToken to multiple missed epochs causes an over-distribution of rewards beyond the balance, and future reward calculations may overlook reserved rewards, potentially preventing users from claiming their entitlements.

Tools Used

Manual review

Recommendation

Update _checkEpochRollover function to prevent any over-distribution of rewards and provide a healthy rewards liqudity for honest users.

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

662

30 USDC / LOC

High Medium

16,000 USDC

Low

2,500 USDC

Judges

1,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.