Fjord Token Staking
Fjord
DeFiFoundry
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Incorrect event emission in `FjordPoints::distributePoints`

shikhar229169

Github Link

https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordPoints.sol#L247

Summary

  • distributePoints function emits the event PointsDistributed.

  • The first parameter of the event is the total amount of points that are distributed.

  • But for the case when weeksPending has a value >1, then total points distributed will be weeksPending * pointsPerEpoch.

  • But pointsPerEpoch is passed to the event for every case even if weeksPending has a value >1.

Vulnerability Details

  • The vulnerability is present in the distributePoints function where it passes incorrect argument while emitting the PointsDistributed event.

  • The event expects 2 parameters - total points distributed and points per token.

  • But for the total points distributed it passes pointsPerEpoch which denotes the total points for a single epoch and not total points distributed.

  • As for the case when weeksPending > 1, the total points distributed will be the product of pointsPerEpoch and weeksPending, but instead pointsPerEpoch is passed for every case.

Impact

Incorrect event data emitted leads to incorrect off-chain updation.

Tools Used

Manual Review

Recommendations

Correct the event emission as below:

- emit PointsDistributed(pointsPerEpoch, pointsPerToken);
+ emit PointsDistributed(pointsPerEpoch * weeksPending, pointsPerToken);
Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

distributePoints calls `emit PointsDistributed` with pointsPerEpoch, instead of totalPoints

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.