`newStake` amount is recorded in `stakeVested` leading to incorrect calculation of rewards for user who staked his vested FJO tokens
newStake amount is recorded in stakeVested leading to incorrect calculation of rewards for user who staked his vested FJO tokens
Vulnerability Details
The function FjordStaking::stake records each newStake amount during an epoch.
On the other hand, the function FjordStaking::stakeVested records the staked vFJO token in the FjordStaking contract during an epoch via the variable newVestedStaked. However, as depicted below, it also increases the value of newStake, which is not fit for its purpose.
Although in _unstakeVested, the value of newStake has been adjusted alongside with newVestedStaked, it can create confusion. In addition, in the function _checkEpochRollover as described below, the pendingRewards is calculated with consideration of newStaked. If a user who has staked massively his vested FJO, he can get a disadvantage on the pending reward as the value of the variable pendingRewards will be reduced due to the accounting of new staked vFJO inside newStaked.
Impact
A user who stakes his vested FJO can have his reward wrongly calculated, hence, losing his legitimate points.
Tools Used
Manual review.
Recommendations
newStake should only account for the new staked FJO tokens.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.