DeFiFoundry
20,000 USDC
Submission Details
Severity: low
Invalid

An arithmetic overflow and epoch mishandling edge case.

Summary

In FjordStaking.sol, the function FjordStaking::getEpoch calculates the epoch or reward distribution. But that function is literally mishandling the epoch calculation, and there is also an arithmetic overflow in the calculation, although it occurs at an edge case.

Vulnerability Details

function getEpoch(uint256 _timestamp) public view returns (uint16) {
    if (_timestamp < startTime) return 0;
@>  return uint16((_timestamp - startTime) / epochDuration) + 1;
}

Poc

Paste the following test snippet into your epoch.t.sol test file:

function test_getEpochTimestampMishandling() public {
    uint256 startTime = fjordStaking.startTime();
    vm.warp(block.timestamp + 39636172800);
    // 39635568000
    uint256 endTime = block.timestamp;
    uint256 epoch = fjordStaking.getEpoch(endTime);
    console.log("startTime: ", startTime);
    console.log("endTime: ", endTime);
    console.log("epoch: ", epoch);
}

Output:

Ran 1 test for test/unit/epoch.t.sol:Epoch_Unit_Test
[PASS] test_getEpochTimestampMishandling() (gas: 14289)
Logs:
startTime: 1712397095
endTime: 41348569895
epoch: 1
Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 1.70s (5.89ms CPU time)

As we can see, the epoch rounded back to one.

Impact

May raise issues in the _checkEpochRollover function.

Tools Used

Manual review

Recommendations

We can use uint256 instead of uint16.
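
The boundary behaviour behind the PoC output above, as an added Python model that is not part of the submission or the project's code. It assumes Solidity 0.8+ semantics (an explicit uint16 cast truncates silently, the following "+ 1" is checked uint16 arithmetic) and an epochDuration of 604800 seconds, inferred from the PoC's warp values; get_epoch_checked is a hypothetical hardened variant.

```python
from datetime import datetime, timedelta, timezone

UINT16_MAX = 2**16 - 1
START_TIME = 1712397095   # startTime from the PoC log
EPOCH_DURATION = 604800   # assumption: one week, inferred from the PoC warp values

class Panic(Exception):
    """Stands in for a Solidity revert (Panic 0x11 or a custom range error)."""

def get_epoch(timestamp):
    """Model of getEpoch as shown on the page, under Solidity 0.8+ rules (assumed)."""
    if timestamp < START_TIME:
        return 0
    quotient = (timestamp - START_TIME) // EPOCH_DURATION
    truncated = quotient & UINT16_MAX     # uint16(...) keeps only the low 16 bits
    if truncated == UINT16_MAX:           # "+ 1" is checked uint16 arithmetic
        raise Panic("arithmetic overflow")
    return truncated + 1

def get_epoch_checked(timestamp):
    """Hypothetical hardened variant: range-check the epoch before narrowing."""
    if timestamp < START_TIME:
        return 0
    epoch = (timestamp - START_TIME) // EPOCH_DURATION + 1
    if epoch > UINT16_MAX:
        raise Panic("epoch does not fit in uint16")
    return epoch

def first_bad_timestamp():
    """First timestamp at which the modelled getEpoch stops returning the true epoch."""
    return START_TIME + UINT16_MAX * EPOCH_DURATION

def as_utc(timestamp):
    """Convert without platform time_t limits (the dates are far in the future)."""
    return datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(seconds=timestamp)

if __name__ == "__main__":
    edge = first_bad_timestamp()
    print("last correct epoch:", get_epoch(edge - 1))
    for ts in (edge, 41348569895):        # second value is endTime from the PoC log
        try:
            print(ts, as_utc(ts).date(), "-> epoch", get_epoch(ts))
        except Panic as exc:
            print(ts, as_utc(ts).date(), "-> revert:", exc)
```

In this model the commented-out warp value 39635568000 lands on the checked-addition revert, while the value actually used in the PoC lands one epoch later, where the truncated cast yields 1.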

Updates

Lead Judging Commences

inallhonesty Lead Judge
10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
