Fjord Token Staking

Summary

Vulnerability Details

The updatePendingPoints modifier is designed to update a user's pendingPoints based on their stakedAmount and the change in pointsPerToken since their last update. The relevant code snippet is:

The updatePendingPoints modifier updates a user’s pendingPoints by calculating the difference between the current pointsPerToken and lastPointsPerToken, multiplied by the user’s staked amount, and then adds this to the user’s pendingPoints. It ensures that users receive points proportional to their staked amount and the increase in pointsPerToken.
The updatePendingPoints modifier ensures that users earn points based on the amount of tokens they have staked and the increase in pointsPerToken since their last update.

However, if pointsPerToken increases significantly between updates, users who stake more might see less relative increase in points compared to those who staked during a period of slower pointsPerToken growth. This is due to the proportional nature of the owed calculation relative to the stakedAmount.
So, this makes it possible for users who stake more to earn less relative points if the pointsPerToken has increased significantly between their stake and the previous stake, compared to others who staked during a slower growth period.

Impact

Users who stake more tokens during periods of rapid pointsPerToken growth might accumulate less relative points compared to users who staked during slower growth periods. This can create discrepancies in points accumulation that are not proportional to the amount staked, potentially disadvantaging users who contribute more capital during high-growth periods.

Tools Used

Manual

Recommendations

Account for any significant fluctuations in pointsPerToken and adjust the reward distribution logic.